phoaly

  1. I don't believe so! Thank you so much for all your help! ❤️
  2. Never mind on that, I used the first runprompt command you gave me and got this.

     ---------------------------------------------------------------------------------------
     Microsoft Windows Malicious Software Removal Tool v5.74, July 2019 (build 5.74.16130.3)
     Started On Tue Jul 9 23:20:19 2019
     Engine: 1.1.16000.6
     Signatures: 1.295.1362.0
     MpGear: 1.1.15747.1
     Run Mode: Scan Run From Windows Update
     Results Summary:
     ----------------
     No infection found.
     Successfully Submitted Heartbeat Report
     Microsoft Windows Malicious Software Removal Tool Finished On Tue Jul 9 23:24:46 2019
     Return code: 0 (0x0)
     ---------------------------------------------------------------------------------------
     Microsoft Windows Malicious Software Removal Tool v5.73, June 2019 (build 5.73.16044.1)
     Started On Fri Jul 12 14:07:05 2019
     Engine: 1.1.15900.4
     Signatures: 1.293.2420.0
     MpGear: 1.1.15747.1
     Run Mode: Interactive Graphical Mode
     Results Summary:
     ----------------
     No infection found.
     Successfully Submitted Heartbeat Report
     Microsoft Windows Malicious Software Removal Tool Finished On Fri Jul 12 14:12:04 2019
     Return code: 0 (0x0)
     ---------------------------------------------------------------------------------------
     Microsoft Windows Malicious Software Removal Tool v5.73, June 2019 (build 5.73.16044.1)
     Started On Fri Jul 12 15:15:41 2019
     Engine: 1.1.15900.4
     Signatures: 1.293.2420.0
     MpGear: 1.1.15747.1
     Run Mode: Interactive Graphical Mode
     Results Summary:
     ----------------
     No infection found.
     Successfully Submitted Heartbeat Report
     Microsoft Windows Malicious Software Removal Tool Finished On Fri Jul 12 15:20:21 2019
     Return code: 0 (0x0)
     ---------------------------------------------------------------------------------------
     Microsoft Windows Malicious Software Removal Tool v5.73, June 2019 (build 5.73.16044.1)
     Started On Fri Jul 12 15:21:03 2019
     Engine: 1.1.15900.4
     Signatures: 1.293.2420.0
     MpGear: 1.1.15747.1
     Run Mode: Interactive Graphical Mode
     Results Summary:
     ----------------
     No infection found.
     Successfully Submitted Heartbeat Report
     Microsoft Windows Malicious Software Removal Tool Finished On Fri Jul 12 15:24:22 2019
     Return code: 0 (0x0)
     ---------------------------------------------------------------------------------------
     Microsoft Windows Malicious Software Removal Tool v5.73, June 2019 (build 5.73.16044.1)
     Started On Fri Jul 12 15:25:38 2019
     Engine: 1.1.15900.4
     Signatures: 1.293.2420.0
     MpGear: 1.1.15747.1
     Run Mode: Interactive Graphical Mode
     Results Summary:
     ----------------
     No infection found.
     Successfully Submitted Heartbeat Report
     Microsoft Windows Malicious Software Removal Tool Finished On Fri Jul 12 15:29:05 2019
     Return code: 0 (0x0)
  3. I ran the Microsoft malicious software removal tool again, as an administrator, 3 times. And each time I searched to bring up the MSRT it gave me this error. However, upon looking at the details for the scan, it said there were no infections or issues on any of the things in the log.
  4. Fix result of Farbar Recovery Scan Tool (x64) Version: 10-07-2019
     Ran by Lily Black (12-07-2019 14:53:56) Run:1
     Running from C:\Users\pilto\OneDrive\Desktop
     Loaded Profiles: Lily Black & (Available Profiles: Lily Black & D-Class Personel)
     Boot Mode: Normal
     ==============================================

     fixlist content:
     *****************
     CreateRestorePoint:
     CloseProcesses:
     Task: {D1D9E2B3-D04E-4452-B1F4-B3E97505D209} - System32\Tasks\{7068EF27-1543-9138-B212-1497762E4AB2}\dagob => C:\PROGRA~2\COMMON~1\KUFITO~1\dagob.exe
     C:\PROGRA~2\COMMON~1\KUFITO~1
     FirewallRules: [{38C19CC2-906B-4834-B0B4-5B27D1D32BA8}] => (Allow) LPort=1542
     FirewallRules: [{FA9918EF-8B14-4B02-AC23-E81F867C0813}] => (Allow) LPort=1542
     FirewallRules: [{8DB950D0-44CD-4661-B2F6-A316E06B55C4}] => (Allow) LPort=53
     FirewallRules: [{9CEF1834-C0F4-4FF0-B2B1-C9717BCA8AFD}] => (Allow) LPort=53
     EmptyTemp:
     *****************

     Restore point was successfully created.
     Processes closed successfully.
     "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D1D9E2B3-D04E-4452-B1F4-B3E97505D209}" => removed successfully
     "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D1D9E2B3-D04E-4452-B1F4-B3E97505D209}" => removed successfully
     C:\WINDOWS\System32\Tasks\{7068EF27-1543-9138-B212-1497762E4AB2}\dagob => moved successfully
     "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7068EF27-1543-9138-B212-1497762E4AB2}\dagob" => removed successfully
     "C:\PROGRA~2\COMMON~1\KUFITO~1" => not found
     "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{38C19CC2-906B-4834-B0B4-5B27D1D32BA8}" => removed successfully
     "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FA9918EF-8B14-4B02-AC23-E81F867C0813}" => removed successfully
     "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8DB950D0-44CD-4661-B2F6-A316E06B55C4}" => removed successfully
     FirewallRules: [{9CEF1834-C0F4-4FF0-B2B1-C9717BCA8AFD}] => (Allow) LPort=53 => Error: No automatic fix found for this entry.

     =========== EmptyTemp: ==========
     BITS transfer queue => 11034624 B
     DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 143757133 B
     Java, Flash, Steam htmlcache => 76208277 B
     Windows/system/drivers => 122426 B
     Edge => 100470 B
     Chrome => 380878150 B
     Firefox => 0 B
     Opera => 0 B

     Temp, IE cache, history, cookies, recent:
     Default => 0 B
     Users => 0 B
     ProgramData => 0 B
     Public => 0 B
     systemprofile => 0 B
     systemprofile32 => 53964 B
     LocalService => 0 B
     LocalService => 0 B
     NetworkService => 19274 B
     NetworkService => 0 B
     pilto => 50688205 B
     D-Class Personel => 14484 B
     RecycleBin => 504827 B
     EmptyTemp: => 632.7 MB temporary data Removed.
     ================================

     The system needed a reboot.
     ==== End of Fixlog 15:02:31 ====
  5. Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-07-2019 Ran by Lily Black (12-07-2019 14:20:32) Running from C:\Users\pilto\OneDrive\Desktop Windows 10 Home Version 1803 17134.829 (X64) (2018-05-23 12:04:38) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-2750190111-669293689-376763079-500 - Administrator - Disabled) D-Class Personel (S-1-5-21-2750190111-669293689-376763079-1005 - Limited - Enabled) => C:\Users\D-Class Personel DefaultAccount (S-1-5-21-2750190111-669293689-376763079-503 - Limited - Disabled) Guest (S-1-5-21-2750190111-669293689-376763079-501 - Limited - Disabled) Lily Black (S-1-5-21-2750190111-669293689-376763079-1001 - Administrator - Enabled) => C:\Users\pilto WDAGUtilityAccount (S-1-5-21-2750190111-669293689-376763079-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.012.20035 - Adobe Systems Incorporated) Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.223 - Adobe) Apex Legends (HKLM-x32\...\{D7FBF176-382D-484E-863A-DFD1124A2A1C}) (Version: 1.0.0.3 - Electronic Arts, Inc.) Belkin N600 DB USB Wireless Adapter (HKLM-x32\...\{B20F9D1C-A0A5-4CD8-8306-DA03872311B1}) (Version: 1.00.0184.2 - Belkin International, Inc.) 
BYOND (HKLM-x32\...\BYOND) (Version: 512.1456 - BYOND) CCleaner (HKLM\...\CCleaner) (Version: 5.57 - Piriform) Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.) CORSAIR iCUE Software (HKLM-x32\...\{58C9C992-F16E-4B9B-8A12-2B39350AF0A1}) (Version: 3.16.56 - Corsair) Discord (HKU\S-1-5-21-2750190111-669293689-376763079-1001\...\Discord) (Version: 0.0.305 - Discord Inc.) Discord (HKU\S-1-5-21-2750190111-669293689-376763079-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07122019135321779\...\Discord) (Version: 0.0.305 - Discord Inc.) Discord (HKU\S-1-5-21-2750190111-669293689-376763079-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07122019135409623\...\Discord) (Version: 0.0.305 - Discord Inc.) Evolve (HKLM\...\{670B1B49-9FD3-4827-9B41-471EFF580AA8}) (Version: 1.8.18 - Echobit, LLC) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 75.0.3770.100 - Google LLC) Google Drive (HKLM-x32\...\{A8DC81F2-D365-4248-892A-FA3B5951F731}) (Version: 2.34.9392.7803 - Google, Inc.) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.115 - Google Inc.) Hidden Google 日本語入力 (HKLM\...\{DD4E0E70-C0D8-4B20-947D-AF1BD276AFAC}) (Version: 2.24.3250.0 - Google Inc.) 
Java 8 Update 211 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180211F0}) (Version: 8.0.2110.12 - Oracle Corporation) League of Legends (HKLM-x32\...\League of Legends 1.0) (Version: 1.0 - Riot Games, Inc) Lightshot-5.4.0.10 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.10 - Skillbrains) LogMeIn Hamachi (HKLM-x32\...\{ECC0FA07-863E-44BC-8B1D-DA22F96E5FB7}) (Version: 2.2.0.633 - LogMeIn, Inc.) Hidden LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.633 - LogMeIn, Inc.) Malwarebytes version 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes) MHS Scoring Software (HKLM-x32\...\{BA1665F3-9F71-4B26-BD69-DCA452C32F4E}) (Version: 5.7.0 - Multi-Health Systems Inc) Hidden MHS Scoring Software (HKLM-x32\...\MHS Scoring Software) (Version: 5.7.0 - Multi-Health Systems inc) Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-2750190111-669293689-376763079-1001\...\OneDriveSetup.exe) (Version: 19.103.0527.0003 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-2750190111-669293689-376763079-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07122019135321779\...\OneDriveSetup.exe) (Version: 19.103.0527.0003 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-2750190111-669293689-376763079-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07122019135409623\...\OneDriveSetup.exe) (Version: 19.103.0527.0003 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-2750190111-669293689-376763079-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07122019135339810\...\OneDriveSetup.exe) (Version: 17.3.7294.0108 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-2750190111-669293689-376763079-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07122019135417873\...\OneDriveSetup.exe) (Version: 17.3.7294.0108 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable 
(HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{CA8A885F-E95B-3FC6-BB91-F4D9377C7686}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25008 (HKLM-x32\...\{f1e7e313-06df-4c56-96a9-99fdfd149c51}) (Version: 
14.10.25008.0 - Microsoft Corporation) Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25008 (HKLM-x32\...\{c239cea1-d49e-4e16-8e87-8c055765f7ec}) (Version: 14.10.25008.0 - Microsoft Corporation) Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation) Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang) MSI Afterburner 4.6.1 (HKLM-x32\...\Afterburner) (Version: 4.6.1 - MSI Co., LTD) MTG Arena (HKLM-x32\...\{5994F21F-2F7B-47A7-B933-7BA96A705D33}) (Version: 0.1.1080.0 - Wizards of the Coast) Hidden MTG Arena (HKLM-x32\...\MTG Arena 0.1.1080.0) (Version: 0.1.1080.0 - Wizards of the Coast) NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.15 - NVIDIA Corporation) Hidden NVIDIA GeForce Experience 3.19.0.94 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.19.0.94 - NVIDIA Corporation) NVIDIA Graphics Driver 430.86 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 430.86 - NVIDIA Corporation) NVIDIA HD Audio Driver 1.3.38.16 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.16 - NVIDIA Corporation) NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation) OBS Studio (HKLM-x32\...\OBS Studio) (Version: 20.0.1 - OBS Project) OpenAL (HKLM-x32\...\OpenAL) (Version: - ) Origin (HKLM-x32\...\Origin) (Version: 10.5.41.27263 - Electronic Arts, Inc.) paint.net (HKLM\...\{B998B716-4001-4919-BA90-BA14B51DFEB5}) (Version: 4.1.6 - dotPDN LLC) Parsec (HKLM-x32\...\Parsec) (Version: - Parsec Cloud Inc.) 
Realtek USB Wireless LAN Driver (HKLM-x32\...\InstallShield_{DBCC4C27-F949-482b-B786-7B3B67587CD2}) (Version: Drv_3.00.0018 - REALTEK Semiconductor Corp.) Realtek USB Wireless LAN Utility (HKLM-x32\...\{9C049509-055C-4CFF-A116-1D12312225EB}) (Version: UI_1.00.0287 - REALTEK Semiconductor Corp.) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) SURVEY_PROGRAM (HKU\S-1-5-21-2750190111-669293689-376763079-1001\...\SURVEY_PROGRAM) (Version: - ) SURVEY_PROGRAM (HKU\S-1-5-21-2750190111-669293689-376763079-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07122019135321779\...\SURVEY_PROGRAM) (Version: - ) SURVEY_PROGRAM (HKU\S-1-5-21-2750190111-669293689-376763079-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07122019135409623\...\SURVEY_PROGRAM) (Version: - ) Titanfall™ 2 (HKLM-x32\...\{4BD80373-FEE7-45B6-8249-6E8E98717405}) (Version: 1.0.1.3 - Electronic Arts, Inc.) Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F14FB68A-9188-4036-AD0D-D054BC9C9291}) (Version: 2.59.0.0 - Microsoft Corporation) Vortex (HKLM\...\57979c68-f490-55b8-8fed-8b017a5af2fe) (Version: 0.18.6 - Black Tree Gaming Ltd.) WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH) Wrye Mash (HKLM-x32\...\Wrye Mash) (Version: - Wrye) XTREME GAMING ENGINE (HKLM-x32\...\GIGABYTE XTREME GAMING ENGINE_is1) (Version: 1.2.5.1 - GIGABYTE Technology Co.,Inc.) Packages: ========= Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.0.2.0_x64__tf1gferkr813w [2019-05-27] (Autodesk Inc.) Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_5.8.3.0_x86__kgqvnymyfvs32 [2019-07-11] (king.com) Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.143.600.0_x86__kgqvnymyfvs32 [2019-07-10] (king.com) Disney Magic Kingdoms -> C:\Program Files\WindowsApps\A278AB0D.DisneyMagicKingdoms_4.1.1.1_x86__h6adky7gbf63m [2019-07-10] (Gameloft.) 
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_2.4.520.0_x64__rz1tebttyb220 [2019-03-09] (Dolby Laboratories) HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_100.1.575.0_x64__v10z8vjag6ke6 [2019-06-28] (HP Inc.) Keeper - Password Manager & Secure File Storage -> C:\Program Files\WindowsApps\KeeperSecurityInc.Keeper_14.0.31.0_x64__kejf07qmg0jnm [2019-07-11] (Keeper Security Inc) Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe [2019-07-09] (Microsoft Corporation) [MS Ad] March of Empires: War of Lords -> C:\Program Files\WindowsApps\A278AB0D.MarchofEmpires_4.1.0.6_x86__h6adky7gbf63m [2019-06-19] (Gameloft.) Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1807.9.0_x64__8wekyb3d8bbwe [2018-08-15] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1808.3.0_x64__8wekyb3d8bbwe [2018-11-19] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-13] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-13] (Microsoft Corporation) [MS Ad] Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.31.11723.0_x64__8wekyb3d8bbwe [2019-06-26] (Microsoft Corporation) [MS Ad] Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.6132.0_x64__8wekyb3d8bbwe [2019-06-16] (Microsoft Studios) [MS Ad] Minecraft for Windows 10 -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.12.28.0_x64__8wekyb3d8bbwe [2019-07-09] (Microsoft Studios) MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.28.10351.0_x64__8wekyb3d8bbwe [2019-02-12] (Microsoft 
Corporation) [MS Ad] Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.110.540.0_x86__zpdnekdrzrea0 [2019-07-02] (Spotify AB) Xbox 360 SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxCompanion_1.4.3.0_x64__8wekyb3d8bbwe [2018-10-14] (Microsoft Corporation) [MS Ad] ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google Inc -> Google) ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google Inc -> Google) ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google Inc -> Google) ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-04-23] (Google Inc -> Google) ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-04-23] (Google Inc -> Google) ContextMenuHandlers5: [NvCplDesktopContext] -> 
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2019-05-22] (NVIDIA Corporation -> NVIDIA Corporation) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal) ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) ShortcutWithArgument: C:\Users\pilto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\GeForce Experience Stream Client.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=gjljknijpnfibppaijefibndmiabonep ==================== Loaded Modules (Whitelisted) ============== 2018-11-01 20:35 - 2014-04-17 09:54 - 000863232 _____ ( Realtek Semiconductor Corp.) 
[File not signed] C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\P2PLib.dll 2019-01-28 20:29 - 2019-01-28 20:29 - 000015872 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\libEGL.DLL 2019-01-28 20:28 - 2019-01-28 20:28 - 002786816 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\libGLESv2.dll 2019-05-08 18:04 - 2019-05-08 18:04 - 000204800 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\quazip.dll 2019-05-08 18:00 - 2019-05-08 18:00 - 000098816 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\zlib.dll 2017-10-11 01:42 - 2014-05-01 02:49 - 000025088 _____ () [File not signed] C:\Program Files (x86)\GIGABYTE\XTREME GAMING ENGINE\BSL430.dll 2017-10-11 01:42 - 2016-08-18 20:26 - 000225792 _____ () [File not signed] C:\Program Files (x86)\GIGABYTE\XTREME GAMING ENGINE\GvFireware.dll 2019-04-21 01:33 - 2019-04-21 01:33 - 000232448 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTCore.dll 2019-04-21 01:32 - 2019-04-21 01:32 - 000057344 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTFC.dll 2019-04-21 01:33 - 2019-04-21 01:33 - 000649216 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTHAL.dll 2019-04-21 01:32 - 2019-04-21 01:32 - 000074240 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTMUI.dll 2019-04-21 01:33 - 2019-04-21 01:33 - 000367104 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTUI.dll 2018-11-01 20:35 - 2014-04-17 09:54 - 000221184 _____ () [File not signed] C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\EnumDevLib.dll 2017-10-11 01:42 - 2016-08-10 00:29 - 000270336 _____ (GIGABYTE Technology Co.,Ltd.) [File not signed] C:\Program Files (x86)\GIGABYTE\XTREME GAMING ENGINE\GVBIOSLib.dll 2017-10-11 01:42 - 2015-05-24 18:21 - 000013312 _____ (GIGABYTE Technology Co.,Ltd.) 
[File not signed] C:\Program Files (x86)\GIGABYTE\XTREME GAMING ENGINE\GvCrypt.dll 2017-10-11 01:42 - 2016-08-30 08:26 - 000335872 _____ (GIGABYTE Technology Co.,Ltd.) [File not signed] C:\Program Files (x86)\GIGABYTE\XTREME GAMING ENGINE\GVDisplay.dll 2017-10-11 01:42 - 2016-12-07 20:54 - 000218112 _____ (GIGABYTE Technology Co.,Ltd.) [File not signed] C:\Program Files (x86)\GIGABYTE\XTREME GAMING ENGINE\GvOrderLib.dll 2019-01-06 23:43 - 2019-01-06 23:43 - 001093120 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80U.DLL 2019-01-06 23:43 - 2019-01-06 23:43 - 000057344 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131\MFC80ENU.DLL 2018-11-01 20:35 - 2014-04-17 09:54 - 000200704 _____ (Realtek) [File not signed] C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\IpLib.dll 2018-11-01 20:35 - 2014-04-17 09:54 - 000044544 _____ (Realtek) [File not signed] C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RtlQRCode.dll 2019-04-02 14:21 - 2019-04-02 14:21 - 000090112 _____ (Silicon Laboratories, Inc.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\SiUSBXp.dll 2019-04-18 13:50 - 2019-04-18 13:50 - 001299456 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\LIBEAY32.dll 2019-04-18 13:50 - 2019-04-18 13:50 - 000281600 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\ssleay32.dll 2018-11-01 20:35 - 2014-04-17 09:54 - 001122304 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\LIBEAY32.dll 2019-01-29 07:53 - 2019-01-29 07:53 - 000081408 _____ (The Qt Company Ltd.) 
[File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\audio\qtaudio_wasapi.dll 2019-01-29 07:52 - 2019-01-29 07:52 - 000047104 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\audio\qtaudio_windows.dll 2019-01-28 20:35 - 2019-01-28 20:35 - 000025600 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\imageformats\qgif.dll 2019-01-29 07:21 - 2019-01-29 07:21 - 000034816 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\imageformats\qicns.dll 2019-01-28 20:35 - 2019-01-28 20:35 - 000025600 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\imageformats\qico.dll 2019-01-28 20:36 - 2019-01-28 20:36 - 000364032 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\imageformats\qjpeg.dll 2019-01-29 07:21 - 2019-01-29 07:21 - 000021504 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\imageformats\qsvg.dll 2019-01-29 07:20 - 2019-01-29 07:20 - 000019968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\imageformats\qtga.dll 2019-01-29 07:21 - 2019-01-29 07:21 - 000331776 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\imageformats\qtiff.dll 2019-01-29 07:20 - 2019-01-29 07:20 - 000019456 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\imageformats\qwbmp.dll 2019-01-29 07:21 - 2019-01-29 07:21 - 000414208 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\imageformats\qwebp.dll 2019-01-28 20:37 - 2019-01-28 20:37 - 001192960 _____ (The Qt Company Ltd.) 
[File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\platforms\qwindows.dll 2019-01-28 20:30 - 2019-01-28 20:30 - 000024576 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Qt5Concurrent.dll 2019-05-08 18:35 - 2019-05-08 18:35 - 005087232 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Qt5Core.dll 2019-01-28 20:32 - 2019-01-28 20:32 - 005341184 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Qt5Gui.dll 2019-01-29 07:50 - 2019-01-29 07:50 - 000576512 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Qt5Multimedia.dll 2019-01-28 20:31 - 2019-01-28 20:31 - 001043456 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Qt5Network.dll 2019-01-29 07:42 - 2019-01-29 07:42 - 003360768 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Qt5Qml.dll 2019-01-29 07:37 - 2019-01-29 07:37 - 003175936 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Qt5Quick.dll 2019-01-29 07:55 - 2019-01-29 07:55 - 000142336 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Qt5QuickControls2.dll 2019-01-29 07:54 - 2019-01-29 07:54 - 000848384 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Qt5QuickTemplates2.dll 2019-01-29 07:50 - 2019-01-29 07:50 - 000326656 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Qt5Scxml.dll 2019-01-28 20:30 - 2019-01-28 20:30 - 000156672 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Qt5Sql.dll 2019-01-29 07:21 - 2019-01-29 07:21 - 000264704 _____ (The Qt Company Ltd.) 
[File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Qt5Svg.dll 2019-01-28 20:34 - 2019-01-28 20:34 - 004529152 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Qt5Widgets.dll 2019-01-29 08:04 - 2019-01-29 08:04 - 000444416 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Qt5WinExtras.dll 2019-01-28 20:30 - 2019-01-28 20:30 - 000147456 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Qt5Xml.dll 2019-01-29 07:49 - 2019-01-29 07:49 - 000045568 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll 2019-01-29 07:48 - 2019-01-29 07:48 - 000056320 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\QtGraphicalEffects\qtgraphicaleffectsplugin.dll 2019-01-29 07:40 - 2019-01-29 07:40 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\QtQuick.2\qtquick2plugin.dll 2019-01-29 08:00 - 2019-01-29 08:00 - 000447488 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\QtQuick\Controls.2\qtquickcontrols2plugin.dll 2019-01-29 07:56 - 2019-01-29 07:56 - 000271360 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\QtQuick\Controls\qtquickcontrolsplugin.dll 2019-01-29 07:41 - 2019-01-29 07:41 - 000072192 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\QtQuick\Layouts\qquicklayoutsplugin.dll 2019-01-29 07:55 - 2019-01-29 07:55 - 000260608 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\QtQuick\Templates.2\qtquicktemplates2plugin.dll 2019-01-29 07:41 - 2019-01-29 07:41 - 000014848 _____ (The Qt Company Ltd.) 
[File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\QtQuick\Window.2\windowplugin.dll
2019-01-28 20:36 - 2019-01-28 20:36 - 000122880 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\styles\qwindowsvistastyle.dll
2017-10-11 01:42 - 2016-09-19 14:06 - 000200704 _____ (TODO: <Company name>) [File not signed] C:\Program Files (x86)\GIGABYTE\XTREME GAMING ENGINE\GvAutoUpdate.dll

==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2017-03-18 14:03 - 2017-03-18 14:01 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
2017-10-11 00:21 - 2017-10-11 00:21 - 000000375 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07122019135317185\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07122019135357123\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07122019135319467\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07122019135403373\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-2750190111-669293689-376763079-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\pilto\Pictures\Saved Pictures\sylveon___moonblast_by_ishmam-d68pufl.png
HKU\S-1-5-21-2750190111-669293689-376763079-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07122019135321779\Control Panel\Desktop\\Wallpaper -> C:\Users\pilto\Pictures\Saved Pictures\sylveon___moonblast_by_ishmam-d68pufl.png
HKU\S-1-5-21-2750190111-669293689-376763079-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07122019135409623\Control Panel\Desktop\\Wallpaper -> C:\Users\pilto\Pictures\Saved Pictures\sylveon___moonblast_by_ishmam-d68pufl.png
HKU\S-1-5-21-2750190111-669293689-376763079-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07122019135339810\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-2750190111-669293689-376763079-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07122019135417873\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 10.0.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==
If an entry is included in the fixlist, it will be removed.
HKU\S-1-5-21-2750190111-669293689-376763079-1001\...\StartupApproved\Run: => "Parsec.App.0"
HKU\S-1-5-21-2750190111-669293689-376763079-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07122019135321779\...\StartupApproved\Run: => "Parsec.App.0"
HKU\S-1-5-21-2750190111-669293689-376763079-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07122019135409623\...\StartupApproved\Run: => "Parsec.App.0"

==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
AB -> Spotify Ltd) FirewallRules: [{8E20ECF4-31D8-4709-AC81-7932D0420BA5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.85.259.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{61679DD1-156C-411E-82B1-6F1084D1CACC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.85.259.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{C76F475D-FD31-4A4F-B6F8-2B193B75B928}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.85.259.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{E6FA5E5B-0F34-4BAB-A268-2311FB4A10A2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.85.259.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{C7F2977E-436B-4CE7-978A-BFDA72342A5B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.85.259.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{48BFCA9E-C834-4253-976B-08FC5F493CD8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.85.259.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{7D57B76D-AA1C-4DCD-AAFD-DEAACA8C6BD2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.85.259.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{380B1173-3EF0-404E-B6A7-05F7BE465802}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.85.259.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{15CB4D64-4A75-41D2-97E0-F2E4D006C7D4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.85.259.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{CFE18474-7D6A-40A7-B412-583C30C06056}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.85.259.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{98FCC730-7D59-4470-8E40-470CEDE85514}] => (Allow) 
C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.85.259.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{AD6EDF9B-4819-4774-A874-CE0400378A64}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.85.259.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{88C347DE-5FE4-43E2-AB58-0A1224C5F697}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.85.259.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{9095EACA-3C68-4001-B60C-D8B3C6E83834}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.85.259.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{10838026-82B8-4C27-9284-B312F3015830}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LISA\mkxp\lisa.exe () [File not signed] FirewallRules: [{2228F7F8-21D3-45A5-B56C-12CB73BC6C61}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LISA\mkxp\lisa.exe () [File not signed] FirewallRules: [TCP Query User{ECE5F574-0533-4CC6-BD3C-03F4DE3D2E71}C:\users\pilto\onedrive\desktop\video game related\dolphin-x64\dolphin.exe] => (Allow) C:\users\pilto\onedrive\desktop\video game related\dolphin-x64\dolphin.exe () [File not signed] FirewallRules: [UDP Query User{7CF2D368-16A7-420E-9B25-409E27C7A1E7}C:\users\pilto\onedrive\desktop\video game related\dolphin-x64\dolphin.exe] => (Allow) C:\users\pilto\onedrive\desktop\video game related\dolphin-x64\dolphin.exe () [File not signed] FirewallRules: [{7CFB8E8E-E36A-42F7-9EA7-929D65D8A83F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LISA\mkxp\lisa.exe () [File not signed] FirewallRules: [{5160DB99-218B-45D1-9338-E6AAE2045421}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LISA\mkxp\lisa.exe () [File not signed] FirewallRules: [{E598A9E8-757E-496A-BB69-F1F6015B940B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LISA\mkxp\lisa.exe () [File not signed] FirewallRules: 
[{4019ABCA-05B0-4234-B4ED-A1F2F2CA606B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LISA\mkxp\lisa.exe () [File not signed] FirewallRules: [{DD858EA8-5E8B-404F-805D-2B7183994FB1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\insurgency2\insurgency_BE.exe (BattlEye Innovations e.K. -> BattlEye Innovations) FirewallRules: [{2C97BF65-F8B1-4A41-B7D8-0BC6E53FC27A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\insurgency2\insurgency_BE.exe (BattlEye Innovations e.K. -> BattlEye Innovations) FirewallRules: [TCP Query User{86585D0D-61C1-4A82-AA52-46887EFAE57C}C:\program files (x86)\steam\steamapps\common\insurgency2\insurgency_x64.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\insurgency2\insurgency_x64.exe (New World Interactive LLC -> New World Interactive LLC) FirewallRules: [UDP Query User{88F3E58C-8166-4696-9D4A-1EAC13A52072}C:\program files (x86)\steam\steamapps\common\insurgency2\insurgency_x64.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\insurgency2\insurgency_x64.exe (New World Interactive LLC -> New World Interactive LLC) FirewallRules: [{CBDFD0F5-61AE-4CFB-A135-B6C42C7A1081}] => (Block) C:\program files (x86)\steam\steamapps\common\insurgency2\insurgency_x64.exe (New World Interactive LLC -> New World Interactive LLC) FirewallRules: [{311DB8FC-B9F8-49A3-8BE2-0900CC7639D4}] => (Block) C:\program files (x86)\steam\steamapps\common\insurgency2\insurgency_x64.exe (New World Interactive LLC -> New World Interactive LLC) FirewallRules: [TCP Query User{829D693D-B05E-4AFF-89E0-88EF3528F0F0}C:\users\pilto\onedrive\desktop\video game related\zsnes\zsnesw.exe] => (Allow) C:\users\pilto\onedrive\desktop\video game related\zsnes\zsnesw.exe () [File not signed] FirewallRules: [UDP Query User{D8D14342-2C4C-48DC-A9ED-A33DF6891639}C:\users\pilto\onedrive\desktop\video game related\zsnes\zsnesw.exe] => (Allow) C:\users\pilto\onedrive\desktop\video game related\zsnes\zsnesw.exe () [File not signed] 
FirewallRules: [{D70F59EB-95B1-4DCE-84A2-A66BFDB4F6C5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LISA\mkxp\lisa.exe () [File not signed] FirewallRules: [{3762E549-72B6-4066-B73A-0BF33196B2DE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LISA\mkxp\lisa.exe () [File not signed] FirewallRules: [{5C72ADE1-83F0-4E1D-9E55-54554D835B14}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) FirewallRules: [{25D36B50-499F-49A9-A2C2-741B2EF519B8}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) FirewallRules: [{E881F2D2-1A38-44E5-8896-165D55868AF1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LISA\mkxp\lisa.exe () [File not signed] FirewallRules: [{A029E43E-994B-4A94-AEF8-612A5D064515}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LISA\mkxp\lisa.exe () [File not signed] FirewallRules: [{AF8E4A9E-1DAD-4D42-B170-8C9C34C5E141}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LISA\mkxp\lisa.exe () [File not signed] FirewallRules: [{981C0DFD-33B7-4CA2-BBA7-6EAD7A223E66}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LISA\mkxp\lisa.exe () [File not signed] FirewallRules: [{925B09DD-6D65-4638-B57B-DA9B996AE8CB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LISA\mkxp\lisa.exe () [File not signed] FirewallRules: [{033BC5A8-DB5E-4DFF-9856-DBBBB29CA6CA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LISA\mkxp\lisa.exe () [File not signed] FirewallRules: [{D4FC1E3F-79C1-4189-B2E0-81DF4067BDAB}] => (Allow) C:\PROGRA~2\REALTEK\USBWIR~2\RtWlan.exe (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.) 
FirewallRules: [{38C19CC2-906B-4834-B0B4-5B27D1D32BA8}] => (Allow) LPort=1542 FirewallRules: [{FA9918EF-8B14-4B02-AC23-E81F867C0813}] => (Allow) LPort=1542 FirewallRules: [{8DB950D0-44CD-4661-B2F6-A316E06B55C4}] => (Allow) LPort=53 FirewallRules: [{29EE1F45-2AB3-47C4-B352-CD5D9B525F36}] => (Allow) C:\PROGRA~2\REALTEK\USBWIR~2\Rtldhcp.exe (Realtek Semiconductor Corp -> Realtek) FirewallRules: [{E515A3DD-EE81-4A22-995C-32240E281689}] => (Allow) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RTLDHCP.exe (Realtek Semiconductor Corp -> Realtek) FirewallRules: [{C9DEEBFF-D567-41E3-807D-B9819999442F}] => (Allow) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RTLDHCP.exe (Realtek Semiconductor Corp -> Realtek) FirewallRules: [{9CEF1834-C0F4-4FF0-B2B1-C9717BCA8AFD}] => (Allow) LPort=53 FirewallRules: [{AD22CAEF-EBB9-406F-AFE8-BC142922A56C}] => (Allow) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RTLDHCP.exe (Realtek Semiconductor Corp -> Realtek) FirewallRules: [{2FB646E6-1D6F-4D38-9608-C6A0BF746407}] => (Allow) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RTLDHCP.exe (Realtek Semiconductor Corp -> Realtek) FirewallRules: [{68D1F4F9-359B-4A68-9506-A1BA41D8F8DE}] => (Allow) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RTLDHCP.exe (Realtek Semiconductor Corp -> Realtek) FirewallRules: [{AA912B0B-9703-4393-A4BA-BA18120F1A30}] => (Allow) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RTLDHCP.exe (Realtek Semiconductor Corp -> Realtek) FirewallRules: [{727706CD-8670-46DE-9FCC-81D892F45916}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FTL Faster Than Light\FTLGame.exe () [File not signed] FirewallRules: [{A2C1111B-BE9C-485A-92DD-066BC5C3DAFE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FTL Faster Than Light\FTLGame.exe () [File not signed] FirewallRules: [{7FEB44C3-C3A1-4631-A6BF-ECB15BB1B0F0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LISA\mkxp\lisa.exe () [File not signed] 
FirewallRules: [{CABC8648-64DB-4A74-9C81-D825BA6CE05C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LISA\mkxp\lisa.exe () [File not signed] FirewallRules: [TCP Query User{108A864B-EF6D-4959-BE94-6DFE3C9D98F1}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.172\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.172\deploy\leagueclient.exe (Riot Games, Inc. -> ) FirewallRules: [UDP Query User{D179818A-83D7-4F29-907D-4905B3331BF3}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.172\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.172\deploy\leagueclient.exe (Riot Games, Inc. -> ) FirewallRules: [{E1805E26-CC6F-40BA-A1CD-3373AE263C93}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LISA\mkxp\lisa.exe () [File not signed] FirewallRules: [{6A28E02C-0671-4106-B1DD-2CB86ADD77DD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LISA\mkxp\lisa.exe () [File not signed] FirewallRules: [{08BCA0FB-DA23-4B13-A076-0C76AD86BD5C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LISA\mkxp\lisa.exe () [File not signed] FirewallRules: [{8428CDF6-53FA-424A-8740-69EC081988C5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LISA\mkxp\lisa.exe () [File not signed] FirewallRules: [{DED81430-A8A5-41BC-9F48-B91A6D984052}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mount & Blade With Fire and Sword\mb_wfas.exe ( Taleworlds Entertainment) [File not signed] FirewallRules: [{D28E51C0-FB5E-4680-8F00-8F0EAE979E14}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mount & Blade With Fire and Sword\mb_wfas.exe ( Taleworlds Entertainment) [File not signed] FirewallRules: [{23E135E5-F7BB-4689-AED5-8FD32FE0811D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LISA\mkxp\lisa.exe () [File not signed] FirewallRules: 
[{B014B110-26EE-4B48-809C-8225B298592B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LISA\mkxp\lisa.exe () [File not signed] FirewallRules: [{48AE38E7-5F2C-44F2-A49E-C746144F9B83}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LISA\mkxp\lisa.exe () [File not signed] FirewallRules: [{E3A381A2-AF69-48CF-A763-243FCEC6967B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LISA\mkxp\lisa.exe () [File not signed] FirewallRules: [{83B3AA27-B161-44B1-9671-DCBAAAADC1E9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LISA\mkxp\lisa.exe () [File not signed] FirewallRules: [{E1334129-011A-4FB5-AB8A-2DE732F55D0E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LISA\mkxp\lisa.exe () [File not signed] FirewallRules: [{410EC154-022B-4491-BCD5-1806C689BF41}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{C832DE4F-64EA-48FB-A666-CDCDD3D25A3A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{2D4425A9-02E1-4647-9B2E-3CD1F55F3040}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Just Cause 2\JustCause2.exe (Valve Corp. -> Avalanche Studios) [File not signed] FirewallRules: [{9673FCBF-D1EE-49CC-B916-331CDF5AFBC8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Just Cause 2\JustCause2.exe (Valve Corp. 
-> Avalanche Studios) [File not signed] FirewallRules: [{6819BF2E-E95D-4936-BC4F-374803CA861D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Just Cause 2 - Multiplayer Mod\JcmpLauncher.exe (Just Cause 2: Multiplayer) [File not signed] FirewallRules: [{28500F46-A03E-458B-9B72-79A629AED8C5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Just Cause 2 - Multiplayer Mod\JcmpLauncher.exe (Just Cause 2: Multiplayer) [File not signed] FirewallRules: [{1348BA43-B386-4DF2-AA12-5E55CAC61A41}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LISA\mkxp\lisa.exe () [File not signed] FirewallRules: [{CF9F2A70-664F-43DB-A16C-5AF994A0AE20}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LISA\mkxp\lisa.exe () [File not signed] FirewallRules: [{72CBFACA-6538-440F-A6A8-81E7371D40A7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Saints Row 2\SR2_pc.exe () [File not signed] FirewallRules: [{61A60FD1-76DE-451E-B49A-90B2189A0F4A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Saints Row 2\SR2_pc.exe () [File not signed] FirewallRules: [{376FE86C-0F2D-465B-9279-3F0108467806}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LISA\mkxp\lisa.exe () [File not signed] FirewallRules: [{D9D56CC9-E7CB-4256-96DE-F759344449CB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LISA\mkxp\lisa.exe () [File not signed] FirewallRules: [{0EFE3913-D3CB-4B6C-8BE1-46C5E081C628}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LISA\JOYFUL\Game.exe () [File not signed] FirewallRules: [{3DA90FDA-0597-4A5A-915D-60D4A9B2C3C7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LISA\JOYFUL\Game.exe () [File not signed] FirewallRules: [{BEE9D614-1830-4B82-A17D-4430A2652834}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LISA\mkxp\lisa.exe () [File not signed] FirewallRules: [{406737E1-2360-4346-A48E-1D623583E356}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LISA\mkxp\lisa.exe () [File not signed] 
FirewallRules: [{F0F900C4-2B79-4BF9-A20D-95DEE0DCD75E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LISA\mkxp\lisa.exe () [File not signed] FirewallRules: [{B42834E2-8D6F-4675-9506-53260875A39A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LISA\mkxp\lisa.exe () [File not signed] FirewallRules: [{FF070AB4-AE25-44EB-94AB-879FADED4FCB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LISA\mkxp\lisa.exe () [File not signed] FirewallRules: [{0118C637-E82F-4C61-8E66-6CC40301090D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LISA\mkxp\lisa.exe () [File not signed] FirewallRules: [{2526C4C6-7502-4745-BBAD-306FC5BE4454}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LISA\JOYFUL\Game.exe () [File not signed] FirewallRules: [{77D1CAF7-9E21-475D-BEC3-CC5C172864D3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LISA\JOYFUL\Game.exe () [File not signed] FirewallRules: [{764BCE09-1960-426C-9A67-CD16D3765190}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Golf With Your Friends\Golf With Your Friends.exe () [File not signed] FirewallRules: [{04549C64-7507-48BB-BB60-0D2FB7B79BFF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Golf With Your Friends\Golf With Your Friends.exe () [File not signed] FirewallRules: [{4D572AC3-A898-44C9-9474-36DF0EEECB3B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe (Re-Logic) [File not signed] FirewallRules: [{391A7B83-87EC-492C-B5A3-029ADA46F3E6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe (Re-Logic) [File not signed] FirewallRules: [{1E437D8C-7B0F-476D-AD9C-04B0F0CBE2F9}] => (Allow) C:\Program Files (x86)\Origin Games\Apex\EasyAntiCheat_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd) FirewallRules: [{AD449CE4-503F-4CC6-8741-06738B18F307}] => (Allow) C:\Program Files (x86)\Origin Games\Apex\EasyAntiCheat_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd) FirewallRules: 
[{606C41E2-78D0-4400-BACB-41373C9A9354}] => (Allow) C:\Program Files (x86)\Origin Games\Titanfall2\Titanfall2.exe (Respawn Entertainment, LLC -> Respawn Entertainment) FirewallRules: [{48E67258-25C2-491B-B51E-25D1D7769C32}] => (Allow) C:\Program Files (x86)\Origin Games\Titanfall2\Titanfall2.exe (Respawn Entertainment, LLC -> Respawn Entertainment) FirewallRules: [{FDD3A496-8290-4993-AE93-2D3675A83BED}] => (Allow) C:\Program Files (x86)\Origin Games\Titanfall2\Titanfall2_trial.exe (Respawn Entertainment, LLC -> Respawn Entertainment) FirewallRules: [{E3D4A01F-05AA-4BA2-B4F7-3F984C1ED373}] => (Allow) C:\Program Files (x86)\Origin Games\Titanfall2\Titanfall2_trial.exe (Respawn Entertainment, LLC -> Respawn Entertainment) FirewallRules: [{3A7B6E55-DAFF-4E27-8D4C-EF59402747A6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout New Vegas\FalloutNVLauncher.exe (Bethesda Softworks -> Bethesda Softworks, Obsidian Entertainment) FirewallRules: [{CF1DC2CC-F491-42B5-AA54-7878DC75693A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout New Vegas\FalloutNVLauncher.exe (Bethesda Softworks -> Bethesda Softworks, Obsidian Entertainment) FirewallRules: [{054976E6-58FF-4F42-8F91-0CF0B4756C4C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Souls II Scholar of the First Sin\Game\DarkSoulsII.exe (FromSoftware,Inc. -> NAMCO BANDAI Games) FirewallRules: [{953442A0-007E-4C9A-8710-A5F99648536D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Souls II Scholar of the First Sin\Game\DarkSoulsII.exe (FromSoftware,Inc. -> NAMCO BANDAI Games) FirewallRules: [{75816C11-DBEB-4395-876F-5968022C434B}] => (Allow) C:\Program Files\Parsec\parsecd.exe (Parsec Cloud, Inc. -> Parsec) FirewallRules: [TCP Query User{0B3A24B3-68C5-4A05-9A22-4A6307E934E9}C:\program files (x86)\origin games\apex\r5apex.exe] => (Block) C:\program files (x86)\origin games\apex\r5apex.exe (Electronic Arts, Inc. 
-> Respawn Entertainment) FirewallRules: [UDP Query User{D8B3B729-7313-42EA-AC07-C9B2725AC482}C:\program files (x86)\origin games\apex\r5apex.exe] => (Block) C:\program files (x86)\origin games\apex\r5apex.exe (Electronic Arts, Inc. -> Respawn Entertainment) FirewallRules: [{BD0AF1EA-A10C-4349-BFC1-2D8B5ABBCB00}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Morrowind\Morrowind Launcher.exe (Bethesda Softworks) [File not signed] FirewallRules: [{6ED886C0-5850-45A1-B1D4-EFAA4BB1DECA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Morrowind\Morrowind Launcher.exe (Bethesda Softworks) [File not signed] FirewallRules: [TCP Query User{24B9EC76-A5F0-4F30-83E4-B2B05E446B21}C:\program files (x86)\wizards of the coast\mtga\mtga.exe] => (Allow) C:\program files (x86)\wizards of the coast\mtga\mtga.exe (Wizards of the Coast, LLC -> ) FirewallRules: [UDP Query User{39980C14-5BD9-4039-8723-328D007A9110}C:\program files (x86)\wizards of the coast\mtga\mtga.exe] => (Allow) C:\program files (x86)\wizards of the coast\mtga\mtga.exe (Wizards of the Coast, LLC -> ) FirewallRules: [TCP Query User{AACFA88F-6DD3-4D9E-A921-9DAC344502B6}C:\program files (x86)\minecraft\runtime\jre-x64\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\bin\javaw.exe FirewallRules: [UDP Query User{C4179AD3-8F20-49A5-B9E9-B2FEA7E27ECC}C:\program files (x86)\minecraft\runtime\jre-x64\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\bin\javaw.exe FirewallRules: [{834D2848-CB1A-423C-8B4C-D6FB2655608A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Risk of Rain 2\Risk of Rain 2.exe () [File not signed] FirewallRules: [{11C88E8B-6404-4862-9930-258B24FA27EC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Risk of Rain 2\Risk of Rain 2.exe () [File not signed] FirewallRules: [{0A556DB6-C581-482B-8161-9EFF64C754EB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Jalopy\Jalopy.exe () [File not signed] FirewallRules: 
[{2EA429EA-E85A-4EAF-9821-AAA9DC56D63A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Jalopy\Jalopy.exe () [File not signed] FirewallRules: [{3663C902-159C-4864-8837-5E170A8308CC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rogue Legacy\RogueMod\ZorsLegacy.exe (Cellar Door Games, Inc.) [File not signed] FirewallRules: [{AB3A807C-2E5D-425E-A810-A5C12AC46D10}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rogue Legacy\RogueMod\ZorsLegacy.exe (Cellar Door Games, Inc.) [File not signed] FirewallRules: [{F36B6B8D-B31C-4DF0-BEF9-EC77567E2472}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Blackwake\Blackwake.exe () [File not signed] FirewallRules: [{E76E8942-A21A-4BD1-A4C5-F2C94344FFAF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Blackwake\Blackwake.exe () [File not signed] FirewallRules: [{AC968012-EAFD-42BA-8034-6A7F59A1A163}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound.exe (Chucklefish LTD) [File not signed] FirewallRules: [{44FB129A-796A-4DC9-B44B-00B8D1E616CD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound.exe (Chucklefish LTD) [File not signed] FirewallRules: [{BB0219B9-BD14-4826-A7AB-5B846D4C87CB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound_server.exe () [File not signed] FirewallRules: [{F6A0303D-AC24-4A1B-839F-0AA8324F014F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound_server.exe () [File not signed] FirewallRules: [{41620110-E423-4D84-89EE-CBE95D278140}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\mod_uploader.exe () [File not signed] FirewallRules: [{76355A74-A454-4D3F-A6F1-B7130D54A238}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\mod_uploader.exe () [File not signed] FirewallRules: [{16A58735-60AC-4927-B0D2-E50CC56B704D}] => (Allow) C:\Program Files 
(x86)\Steam\steamapps\common\Starbound\win32\starbound.exe (Chucklefish LTD) [File not signed] FirewallRules: [{2A29760C-8811-4E9F-886A-94CA2008E92F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win32\starbound.exe (Chucklefish LTD) [File not signed] FirewallRules: [{279AE82D-7766-46F4-BC31-57E2C5891BA3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Factorio\bin\x64\factorio.exe (Wube Software) [File not signed] FirewallRules: [{2958B5E0-E279-4CD2-A525-AFCE95ACFC2F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Factorio\bin\x64\factorio.exe (Wube Software) [File not signed] FirewallRules: [{B907D905-7EC6-4568-8699-7E860BFC475D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Souls II\Game\DarkSoulsII.exe (FromSoftware,Inc. -> NAMCO BANDAI Games) FirewallRules: [{1DED760F-1AE5-4B17-A71D-C746CC9DB381}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Souls II\Game\DarkSoulsII.exe (FromSoftware,Inc. -> NAMCO BANDAI Games) FirewallRules: [{8D49902B-EAB5-4CB6-A7F1-936895821C5E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mordhau\Mordhau.exe (Epic Games, Inc.) [File not signed] FirewallRules: [{D3C55335-11D5-4309-993B-3136D0210BDD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mordhau\Mordhau.exe (Epic Games, Inc.) [File not signed] FirewallRules: [{36E34850-6B86-4C73-8230-6CA984241EC5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe (Gearbox Software LLC -> Take-Two Interactive Software, Inc.) FirewallRules: [{0614C583-4F57-42E4-B540-B2911CE558E1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe (Gearbox Software LLC -> Take-Two Interactive Software, Inc.) 
FirewallRules: [{7A1BE742-831E-44BA-95D1-23515CCE9490}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{4113ED3F-64B9-4DAC-A8FB-AB1D286CDA12}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{0B54DF1B-7BAE-45D6-8596-820A5C708BE2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{55F18E90-8051-4259-A276-D0DF30519277}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{85FEE6BE-03E6-44C9-B192-9984EA7A2446}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe (FromSoftware,Inc. -> BANDAI NAMCO Entertainment Inc.) FirewallRules: [{4DF55F89-AAC7-4CA4-86BC-4A9B6E8F651E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe (FromSoftware,Inc. -> BANDAI NAMCO Entertainment Inc.) 
FirewallRules: [{C19B7B1E-456A-47D8-89B5-9B2C0809DA6C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sonic Adventure DX\AppLauncher.exe (SEGA EUROPE LIMITED -> SEGA) FirewallRules: [{B47C79F6-D143-4DB2-9D0B-DE3D84ED0EC7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sonic Adventure DX\AppLauncher.exe (SEGA EUROPE LIMITED -> SEGA) FirewallRules: [{DEF474DF-1033-4973-BBFA-073BE7A8A95C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Moon Hunters\moonhunters.exe () [File not signed] FirewallRules: [{81743AD3-7182-4FDA-93CF-902ACBA4E1B3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Moon Hunters\moonhunters.exe () [File not signed] FirewallRules: [{1511D76E-D90C-496C-8413-7E3D8A9D0596}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Undertale\UNDERTALE.exe (Toby Fox ) [File not signed] FirewallRules: [{C79882D8-AB0E-45E6-B556-456B4CAAE0F8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Undertale\UNDERTALE.exe (Toby Fox ) [File not signed] FirewallRules: [{6CB2B1DE-BC19-41A8-B862-71665767442F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\hotline_miami\HotlineMiami.exe (Devolver) [File not signed] FirewallRules: [{7B0FC373-029C-4A8E-BE9C-9C77CCAE9D55}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\hotline_miami\HotlineMiami.exe (Devolver) [File not signed] FirewallRules: [{93857713-9F5C-4913-9DB5-150AE1FFCE7E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Caster\caster.exe () [File not signed] FirewallRules: [{CEB72AA5-5A5F-4B1E-9424-021503F89A9C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Caster\caster.exe () [File not signed] FirewallRules: [{8C58607A-2F50-4DCD-BF79-4FC020AACD73}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\VA-11 HALL-A\VA-11 Hall A.exe ( ) [File not signed] FirewallRules: [{61DE95B7-DB95-4605-8236-EA825500654F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\VA-11 HALL-A\VA-11 Hall A.exe ( ) [File not signed] 
FirewallRules: [{42217C80-6338-4F6D-BDC1-EC9DCD55EA75}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rogue Legacy\RogueMod\ZorsLegacy.exe (Cellar Door Games, Inc.) [File not signed] FirewallRules: [{4BEC8D43-B976-4185-822A-6D07CA5B66D8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rogue Legacy\RogueMod\ZorsLegacy.exe (Cellar Door Games, Inc.) [File not signed] FirewallRules: [{A0B84242-D169-417B-9ECD-58460A7AF770}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Factorio\bin\x64\factorio.exe (Wube Software) [File not signed] FirewallRules: [{8CC3D13A-E64C-4F8D-BA2E-D07D24DE01B2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Factorio\bin\x64\factorio.exe (Wube Software) [File not signed] FirewallRules: [{0CF02081-E77A-49CF-8573-4C0FF56EB1C0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DARK SOULS REMASTERED\DarkSoulsRemastered.exe (NAMCO BANDAI Games Inc.) [File not signed] FirewallRules: [{6F808AAF-6793-4FAF-B4C6-F615A4A08AA8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DARK SOULS REMASTERED\DarkSoulsRemastered.exe (NAMCO BANDAI Games Inc.) 
[File not signed] FirewallRules: [{1E3420AD-24D2-43F2-B166-B71B8904BE77}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Worms Armageddon\WA.exe (Team17 Software Ltd) [File not signed] FirewallRules: [{01BD8211-6751-4F73-A4CE-19697CF24188}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Worms Armageddon\WA.exe (Team17 Software Ltd) [File not signed] FirewallRules: [{421DDDCA-94C9-447E-91BA-8D58F678CEFB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [{7CC05F81-1622-4FE7-B630-6426C243F5BB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sven Co-op\svencoop.exe (Sven Co-op Team) [File not signed] FirewallRules: [{5F270432-5A33-41BD-8315-76659A20CA32}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sven Co-op\svencoop.exe (Sven Co-op Team) [File not signed] FirewallRules: [{60271F6A-F5A5-4A59-AE52-CE843F045D0E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sven Co-op\svends.exe (Sven Co-op Team) [File not signed] FirewallRules: [{BABE44AB-F0DE-45DD-8CA8-58F995A599F3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sven Co-op\svends.exe (Sven Co-op Team) [File not signed] FirewallRules: [{1DEF5406-8833-480C-964E-ABA50CDAECA0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life 2\hl2.exe (Valve -> ) FirewallRules: [{E5E2D989-BBDD-4117-8858-5F75D734FC26}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life 2\hl2.exe (Valve -> ) FirewallRules: [{8AA24196-C28E-40B9-8BE9-C005C6F40783}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Synergy\synergy.exe () [File not signed] FirewallRules: [{CA3E8DA6-18BE-4705-9836-2B291B8D2D62}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Synergy\synergy.exe () [File not signed] FirewallRules: [{A98B8592-9A07-41F7-A513-FDC28DEE47CB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dust An Elysian Tail\DustAET.exe (Humble Hearts LLC) [File not signed] 
FirewallRules: [{F4696471-B11E-48AF-8037-B99E02257D56}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dust An Elysian Tail\DustAET.exe (Humble Hearts LLC) [File not signed] FirewallRules: [{4937D3BB-28C0-4DFE-9326-FF27ACA6FD9C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound.exe (Chucklefish LTD) [File not signed] FirewallRules: [{A228B8D2-0FDB-49E0-8934-AA4C25A75C59}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound.exe (Chucklefish LTD) [File not signed] FirewallRules: [{E56C8343-49E6-4207-ACB4-32BBB129768B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound_server.exe () [File not signed] FirewallRules: [{D34E5AEC-03E4-4BDE-A6A1-A87D3E518757}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound_server.exe () [File not signed] FirewallRules: [{9DA6892E-9CC0-4406-805F-4F1FBDC81BCA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\mod_uploader.exe () [File not signed] FirewallRules: [{1F72B07F-F009-4271-910E-C880F0C6B566}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\mod_uploader.exe () [File not signed] FirewallRules: [{741320FB-2AB8-439F-8125-210D28389DF7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win32\starbound.exe (Chucklefish LTD) [File not signed] FirewallRules: [{676BA61A-9750-4586-8921-7FBFAAF4AF8B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win32\starbound.exe (Chucklefish LTD) [File not signed] FirewallRules: [{192D9A4A-720A-40EF-B810-78990DD80336}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.110.540.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{18D61CDB-E30F-4ADA-A33C-C74D1AC1D250}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.110.540.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: 
[{08675350-6DF8-4EBE-91F7-A903BE5FCDE3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.110.540.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{5E3568AC-3ABE-4D49-B936-F58BFC47DF18}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.110.540.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{08F13CB5-8D99-4A0C-87F6-B12B66F032A1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.110.540.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{80A9420D-900F-4096-A3B6-A47F6F5F96C7}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.110.540.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{911231DE-A49F-4659-A4E1-B5C919543208}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.110.540.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{55E2AE16-234E-4489-9E19-189F56087FDA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.110.540.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{31DE28B6-9220-484A-9656-D5B046B239BD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Guns of Icarus Online\workshop\Workshop.exe () [File not signed] FirewallRules: [{D0345901-AA68-4203-8B2F-BA246EFF9309}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Guns of Icarus Online\workshop\Workshop.exe () [File not signed] ==================== Restore Points ========================= 20-06-2019 15:38:21 Scheduled Checkpoint 28-06-2019 00:59:09 Scheduled Checkpoint 06-07-2019 00:52:36 Scheduled Checkpoint 09-07-2019 23:18:34 Windows Update 11-07-2019 16:00:31 Windows Modules Installer ==================== Faulty Device Manager Devices ============= Name: Evolve Virtual Ethernet Adapter Description: Evolve Virtual Ethernet Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Echobit LLC Service: 
EvolveVirtualAdapter Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (07/12/2019 01:10:59 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: RtWLan.exe, version: 700.1694.1130.2015, time stamp: 0x565bf8d1 Faulting module name: RtlIhvOid.dll, version: 1.1042.503.2016, time stamp: 0x57285653 Exception code: 0xc0000005 Fault offset: 0x0000a4ed Faulting process id: 0x13ec Faulting application start time: 0x01d536ea510dd2d7 Faulting application path: C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RtWLan.exe Faulting module path: C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RtlIhvOid.dll Report Id: 58637433-db7a-48b1-90dd-2abc980c2967 Faulting package full name: Faulting package-relative application ID: Error: (07/11/2019 04:15:51 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program LockApp.exe version 10.0.17134.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 3cdc Start Time: 01d5383aeecf8e0a Termination Time: 4294967295 Application Path: C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe Report Id: 85e857a3-7099-45c4-9cda-5db60ef7381d Faulting package full name: Microsoft.LockApp_10.0.17134.1_neutral__cw5n1h2txyewy Faulting package-relative application ID: WindowsDefaultLockScreen Error: (07/10/2019 10:37:24 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program LockApp.exe version 10.0.17134.1 stopped interacting with Windows and was closed. 
To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 2898 Start Time: 01d53795c319a7da Termination Time: 4294967295 Application Path: C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe Report Id: 370ef026-1657-426f-834c-b067008385fc Faulting package full name: Microsoft.LockApp_10.0.17134.1_neutral__cw5n1h2txyewy Faulting package-relative application ID: WindowsDefaultLockScreen Error: (07/10/2019 03:55:52 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program HxOutlook.exe version 16.0.11629.20280 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: a14 Start Time: 01d5377287f82f9a Termination Time: 4294967295 Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Report Id: bcee426c-f588-43eb-a4da-e2e029df98b7 Faulting package full name: microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe Faulting package-relative application ID: microsoft.windowslive.mail Error: (07/10/2019 01:49:40 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program MSIAfterburner.exe version 4.6.1.15561 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. 
Process ID: 1780 Start Time: 01d536eab5664200 Termination Time: 5355 Application Path: C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe Report Id: 817f58af-d33c-4e6e-91ae-6f055c06f709 Faulting package full name: Faulting package-relative application ID: Error: (07/10/2019 01:12:07 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program Microsoft.Photos.exe version 2019.19041.16510.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: fbc Start Time: 01d536f5d63d7fb0 Termination Time: 4294967295 Application Path: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19041.16510.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe Report Id: 959aae7d-f013-4ed6-afdb-eab137200e35 Faulting package full name: Microsoft.Windows.Photos_2019.19041.16510.0_x64__8wekyb3d8bbwe Faulting package-relative application ID: App Error: (07/10/2019 12:21:55 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: Explorer.EXE, version: 10.0.17134.677, time stamp: 0xb4a88dff Faulting module name: mbshlext.dll_unloaded, version: 3.0.0.78, time stamp: 0x5c478783 Exception code: 0xc0000005 Fault offset: 0x000000000000fc9e Faulting process id: 0x108c Faulting application start time: 0x01d536eac96ca1cf Faulting application path: C:\WINDOWS\Explorer.EXE Faulting module path: mbshlext.dll Report Id: 9ad59501-9f84-4dbe-9ff4-36e0b9c817ec Faulting package full name: Faulting package-relative application ID: Error: (07/04/2019 02:44:09 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program LockApp.exe version 10.0.17134.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. 
Process ID: 174c Start Time: 01d5324d80ad3f73 Termination Time: 4294967295 Application Path: C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe Report Id: e5f9c724-0386-41ef-878a-14a0a73d527b Faulting package full name: Microsoft.LockApp_10.0.17134.1_neutral__cw5n1h2txyewy Faulting package-relative application ID: WindowsDefaultLockScreen System errors: ============= Error: (07/12/2019 02:02:22 PM) (Source: DCOM) (EventID: 10016) (User: KINGDOMMATRIX) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user KINGDOMMATRIX\Lily Black SID (S-1-5-21-2750190111-669293689-376763079-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (07/12/2019 02:00:32 PM) (Source: DCOM) (EventID: 10016) (User: KINGDOMMATRIX) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user KINGDOMMATRIX\Lily Black SID (S-1-5-21-2750190111-669293689-376763079-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (07/12/2019 01:59:01 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: The System Guard Runtime Monitor Broker service hung on starting. 
Error: (07/12/2019 01:57:13 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscBrokerManager and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (07/12/2019 01:57:13 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscDataProtection and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (07/12/2019 01:56:28 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: The Delivery Optimization service hung on starting. Error: (07/12/2019 01:53:41 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY) Description: The server Windows.Internal.StateRepository.ApplicationExtension did not register with DCOM within the required timeout. Error: (07/12/2019 01:52:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Realtek DHCP Service service terminated unexpectedly. It has done this 1 time(s). Windows Defender: =================================== Date: 2019-07-11 00:51:10.333 Description: Windows Defender Antivirus has detected malware or other potentially unwanted software. 
For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=Program:Win32/Beareuws.A!ml&threatid=256596&enterprise=0 Name: Program:Win32/Beareuws.A!ml ID: 256596 Severity: Medium Category: Potentially Unwanted Software Path: file:_C:\Users\pilto\AppData\Roaming\Rogohemes.exe; file:_C:\Windows\Temp\Tmp5BA.tmp Detection Origin: Local machine Detection Type: FastPath Detection Source: Real-Time Protection Process Name: C:\Windows\System32\svchost.exe Signature Version: AV: 1.297.843.0, AS: 1.297.843.0, NIS: 1.297.843.0 Engine Version: AM: 1.1.16100.4, NIS: 1.1.16100.4 Date: 2019-07-11 00:21:51.811 Description: Windows Defender Antivirus has detected malware or other potentially unwanted software. For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=Program:Win32/Beareuws.A!ml&threatid=256596&enterprise=0 Name: Program:Win32/Beareuws.A!ml ID: 256596 Severity: Medium Category: Potentially Unwanted Software Path: file:_C:\Users\pilto\AppData\Roaming\Rogohemes.exe; file:_C:\Windows\Temp\Tmp5BA.tmp Detection Origin: Local machine Detection Type: FastPath Detection Source: Real-Time Protection Process Name: C:\Users\pilto\AppData\Roaming\Rogohemes.exe Signature Version: AV: 1.297.843.0, AS: 1.297.843.0, NIS: 1.297.843.0 Engine Version: AM: 1.1.16100.4, NIS: 1.1.16100.4 Date: 2019-07-11 00:21:03.062 Description: Windows Defender Antivirus has detected malware or other potentially unwanted software. 
For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=Program:Win32/Beareuws.A!ml&threatid=256596&enterprise=0 Name: Program:Win32/Beareuws.A!ml ID: 256596 Severity: Medium Category: Potentially Unwanted Software Path: file:_C:\Users\pilto\AppData\Roaming\Rogohemes.exe; file:_C:\Windows\Temp\Tmp5BA.tmp Detection Origin: Local machine Detection Type: FastPath Detection Source: Real-Time Protection Process Name: C:\Program Files (x86)\Common Files\Steam\SteamService.exe Signature Version: AV: 1.297.843.0, AS: 1.297.843.0, NIS: 1.297.843.0 Engine Version: AM: 1.1.16100.4, NIS: 1.1.16100.4 Date: 2019-07-11 00:21:00.974 Description: Windows Defender Antivirus has detected malware or other potentially unwanted software. For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=Program:Win32/Beareuws.A!ml&threatid=256596&enterprise=0 Name: Program:Win32/Beareuws.A!ml ID: 256596 Severity: Medium Category: Potentially Unwanted Software Path: file:_C:\Users\pilto\AppData\Roaming\Rogohemes.exe Detection Origin: Local machine Detection Type: FastPath Detection Source: Real-Time Protection Process Name: C:\Program Files (x86)\Common Files\Steam\SteamService.exe Signature Version: AV: 1.297.843.0, AS: 1.297.843.0, NIS: 1.297.843.0 Engine Version: AM: 1.1.16100.4, NIS: 1.1.16100.4 Date: 2019-07-11 00:20:22.624 Description: Windows Defender Antivirus has detected malware or other potentially unwanted software. 
For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=Program:Win32/Beareuws.A!ml&threatid=256596&enterprise=0 Name: Program:Win32/Beareuws.A!ml ID: 256596 Severity: Medium Category: Potentially Unwanted Software Path: file:_C:\Users\pilto\AppData\Roaming\Rogohemes.exe Detection Origin: Local machine Detection Type: FastPath Detection Source: Real-Time Protection Process Name: C:\Users\pilto\AppData\Roaming\Rogohemes.exe Signature Version: AV: 1.297.843.0, AS: 1.297.843.0, NIS: 1.297.843.0 Engine Version: AM: 1.1.16100.4, NIS: 1.1.16100.4 Date: 2019-07-09 23:52:01.125 Description: Windows Defender Antivirus has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.297.788.0 Update Source: Microsoft Update Server Signature Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.16100.4 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. Date: 2019-07-04 15:52:49.757 Description: Windows Defender Antivirus has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.297.455.0 Update Source: Microsoft Update Server Signature Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.16100.4 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. CodeIntegrity: =================================== Date: 2019-06-18 18:37:13.362 Description: Windows blocked file \Device\HarddiskVolume2\Windows\System32\scrobj.dll which has been disallowed for protected processes. Date: 2019-06-18 18:37:13.172 Description: Windows blocked file \Device\HarddiskVolume2\Windows\System32\scrobj.dll which has been disallowed for protected processes. 
Date: 2019-06-18 18:37:12.830 Description: Windows blocked file \Device\HarddiskVolume2\Windows\System32\scrobj.dll which has been disallowed for protected processes. Date: 2019-06-18 18:37:12.081 Description: Windows blocked file \Device\HarddiskVolume2\Windows\System32\scrobj.dll which has been disallowed for protected processes. Date: 2019-06-18 18:37:11.793 Description: Windows blocked file \Device\HarddiskVolume2\Windows\System32\scrobj.dll which has been disallowed for protected processes. Date: 2019-06-18 18:37:11.620 Description: Windows blocked file \Device\HarddiskVolume2\Windows\System32\scrobj.dll which has been disallowed for protected processes. Date: 2019-06-18 18:32:51.379 Description: Windows blocked file \Device\HarddiskVolume2\Windows\System32\scrobj.dll which has been disallowed for protected processes. Date: 2019-06-18 18:32:51.310 Description: Windows blocked file \Device\HarddiskVolume2\Windows\System32\scrobj.dll which has been disallowed for protected processes. ==================== Memory info =========================== BIOS: Award Software International, Inc. FA 04/23/2013 Motherboard: Gigabyte Technology Co., Ltd. 
GA-78LMT-USB3 Processor: AMD FX(tm)-4130 Quad-Core Processor Percentage of memory in use: 49% Total physical RAM: 8173.55 MB Available physical RAM: 4148.91 MB Total Virtual: 14573.55 MB Available Virtual: 8661.39 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:930.28 GB) (Free:70.2 GB) NTFS \\?\Volume{0bb51f3b-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.34 GB) (Free:0.07 GB) NTFS \\?\Volume{0bb51f3b-0000-0000-0000-c0a7e8000000}\ () (Fixed) (Total:0.45 GB) (Free:0.08 GB) NTFS \\?\Volume{0bb51f3b-0000-0000-0000-b0c4e8000000}\ () (Fixed) (Total:0.44 GB) (Free:0.1 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 0BB51F3B) Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=930.3 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=462 MB) - (Type=27) Partition 4: (Not Active) - (Size=449 MB) - (Type=27) ==================== End of Addition.txt ============================
  6. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10-07-2019 Ran by Lily Black (administrator) on KINGDOMMATRIX (Gigabyte Technology Co., Ltd. GA-78LMT-USB3) (12-07-2019 14:16:46) Running from C:\Users\pilto\OneDrive\Desktop Loaded Profiles: Lily Black & (Available Profiles: Lily Black & D-Class Personel) Platform: Windows 10 Home Version 1803 17134.829 (X64) Language: English (United States) Default browser: Chrome Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) () [File not signed] C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19031.11411.0_x64__8wekyb3d8bbwe\Video.UI.exe (Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.CpuIdRemote64.exe (Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.DisplayAdapter.exe (Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.exe (Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\iCUE.exe (Discord Inc. -> Discord Inc.) C:\Users\pilto\AppData\Local\Discord\app-0.0.305\Discord.exe (Discord Inc. -> Discord Inc.) C:\Users\pilto\AppData\Local\Discord\app-0.0.305\Discord.exe (Discord Inc. -> Discord Inc.) C:\Users\pilto\AppData\Local\Discord\app-0.0.305\Discord.exe (Discord Inc. -> Discord Inc.) C:\Users\pilto\AppData\Local\Discord\app-0.0.305\Discord.exe (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGABYTE Technology Co.,Ltd.) 
C:\Program Files (x86)\GIGABYTE\XTREME GAMING ENGINE\Xtreme.exe (Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaCacheService.exe (Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaConverter.exe (Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaRenderer.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (LogMeIn, Inc. -> LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn, Inc. -> LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe (LogMeIn, Inc. -> LogMeIn, Inc.) 
C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe (Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe (Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE (Microsoft Corporation -> Microsoft Corporation) C:\Users\pilto\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe (Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe (Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe (Microsoft Windows Hardware Compatibility Publisher -> Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1906.3-0\MsMpEng.exe (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1906.3-0\NisSrv.exe (MICRO-STAR INTERNATIONAL CO., LTD. 
-> ) C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe (OOO Lightshot -> Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.10\Lightshot.exe (Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Parsec Cloud, Inc. -> Parsec) C:\Program Files\Parsec\pservice.exe (Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Realtek Semiconductor Corp -> ) C:\Windows\runSW.exe (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp -> Realtek) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RtlService.exe (Realtek Semiconductor Corp. 
-> Realtek) C:\Windows\SwUSB.exe (Valve -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe (VIA Technologies Inc. -> VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Windows -> Microsoft Corporation) HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2013-04-09] (Microsoft Windows Hardware Compatibility Publisher -> Pixart Imaging Inc) HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2017-04-11] (OOO Lightshot -> ) HKLM-x32\...\Run: [Google Japanese Input Prelauncher] => C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaBroker32.exe [1806800 2018-05-22] (Google Inc -> Google Inc.) HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5890504 2019-04-02] (LogMeIn, Inc. -> LogMeIn Inc.) HKLM-x32\...\Run: [CORSAIR iCUE Software] => C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\iCUE Launcher.exe [405032 2019-05-08] (Corsair Memory, Inc. -> Corsair Memory, Inc.) 
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [645456 2019-04-01] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07122019135317185\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07122019135357123\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07122019135319467\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07122019135403373\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-2750190111-669293689-376763079-1001\...\Run: [Discord] => C:\Users\pilto\AppData\Local\Discord\app-0.0.305\Discord.exe [81780056 2019-03-07] (Discord Inc. -> Discord Inc.)
HKU\S-1-5-21-2750190111-669293689-376763079-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3148576 2019-06-17] (Valve -> Valve Corporation)
HKU\S-1-5-21-2750190111-669293689-376763079-1001\...\Run: [Parsec.App.0] => C:\Users\pilto\AppData\Roaming\Parsec\electron\parsec.exe [80666112 2018-07-27] (Parsec Cloud, Inc.) [File not signed]
HKU\S-1-5-21-2750190111-669293689-376763079-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22588760 2019-05-09] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-2750190111-669293689-376763079-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07122019135321779\...\Run: [Discord] => C:\Users\pilto\AppData\Local\Discord\app-0.0.305\Discord.exe [81780056 2019-03-07] (Discord Inc. -> Discord Inc.)
HKU\S-1-5-21-2750190111-669293689-376763079-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07122019135321779\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3148576 2019-06-17] (Valve -> Valve Corporation)
HKU\S-1-5-21-2750190111-669293689-376763079-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07122019135321779\...\Run: [Parsec.App.0] => C:\Users\pilto\AppData\Roaming\Parsec\electron\parsec.exe [80666112 2018-07-27] (Parsec Cloud, Inc.) [File not signed]
HKU\S-1-5-21-2750190111-669293689-376763079-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07122019135321779\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22588760 2019-05-09] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-2750190111-669293689-376763079-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07122019135409623\...\Run: [Discord] => C:\Users\pilto\AppData\Local\Discord\app-0.0.305\Discord.exe [81780056 2019-03-07] (Discord Inc. -> Discord Inc.)
HKU\S-1-5-21-2750190111-669293689-376763079-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07122019135409623\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3148576 2019-06-17] (Valve -> Valve Corporation)
HKU\S-1-5-21-2750190111-669293689-376763079-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07122019135409623\...\Run: [Parsec.App.0] => C:\Users\pilto\AppData\Roaming\Parsec\electron\parsec.exe [80666112 2018-07-27] (Parsec Cloud, Inc.) [File not signed]
HKU\S-1-5-21-2750190111-669293689-376763079-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07122019135409623\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22588760 2019-05-09] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-2750190111-669293689-376763079-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07122019135339810\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-2750190111-669293689-376763079-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07122019135417873\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\75.0.3770.100\Installer\chrmstp.exe [2019-06-20] (Google LLC -> Google LLC)
Startup: C:\Users\pilto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GIGABYTE XTREME GAMING ENGINE.lnk [2017-10-11]
ShortcutTarget: GIGABYTE XTREME GAMING ENGINE.lnk -> C:\Program Files (x86)\GIGABYTE\XTREME GAMING ENGINE\autorun.exe (GIGA-BYTE TECHNOLOGY CO., LTD. -> )

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {185B3770-4CA1-4095-80B2-2EBE7FE74B91} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_223_pepper.exe [1453112 2019-07-09] (Adobe Inc. -> Adobe)
Task: {334E9D5C-13CA-44B9-AAAB-8E0A805EB0F2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1906.3-0\MpCmdRun.exe [470176 2019-07-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {35094ED8-3C7E-4A35-B2D4-49A7E92472D2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-10-11] (Google Inc -> Google Inc.)
Task: {3B8CC85E-22BA-43D4-A966-DB3726ADBBA4} - System32\Tasks\Launcher GIGABYTE XTREME GAMING ENGINE => C:\Program Files (x86)\GIGABYTE\XTREME GAMING ENGINE\Xtreme.exe [79390864 2017-04-12] (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGABYTE Technology Co.,Ltd.)
Task: {42566D26-D4C1-4DE6-B8CE-63284A8CB72F} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [781808 2019-04-21] (MICRO-STAR INTERNATIONAL CO., LTD. -> )
Task: {430EF5F7-A1DF-40B3-86AB-E011CA9EA9E3} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3787304 2019-05-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {50F75EF4-64E9-4AE7-887C-C8155B329860} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1906.3-0\MpCmdRun.exe [470176 2019-07-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {811636EB-3CCE-41DD-BBE5-CAF80F5AC784} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-10-11] (Google Inc -> Google Inc.)
Task: {857A1027-55A0-430F-A1DF-584AF1593734} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1130296 2019-05-22] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {88972D16-051A-4E68-9DE1-CF034CFBE065} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1906.3-0\MpCmdRun.exe [470176 2019-07-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {88AC76D1-0589-41A5-BD5D-CA415B34B1C0} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
Task: {8B081278-4B69-44B5-B47A-6F9BCDB715F2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1906.3-0\MpCmdRun.exe [470176 2019-07-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {8F20F2B8-526D-423C-B3D3-96C54E9A43F0} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1130296 2019-05-22] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {977A260D-6C2A-46ED-B904-2D8FA17B8B22} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [782136 2019-02-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A6433F79-C4B4-45CD-95ED-5BC8ED9A631D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {ACDE6563-A7A9-4E99-AFBA-95A63FCB3589} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-05-09] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {B0187E86-56D8-4093-BD5B-6AAEB2FB7ADF} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1130296 2019-05-22] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {BF422DF7-EDD1-49C9-B79D-0F3B1B964910} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [899056 2019-05-22] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C7DC9381-200A-4C16-8F11-443FE7D87377} - System32\Tasks\update-S-1-5-21-2750190111-669293689-376763079-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
Task: {D1D9E2B3-D04E-4452-B1F4-B3E97505D209} - System32\Tasks\{7068EF27-1543-9138-B212-1497762E4AB2}\dagob => C:\PROGRA~2\COMMON~1\KUFITO~1\dagob.exe
Task: {E9456FE0-5491-438A-B78A-3DC54FC57B67} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [648504 2019-05-22] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {EBA6571C-8CC2-4EBD-9120-AEE494A85B3B} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1130296 2019-05-22] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F762A603-C367-467D-9C67-27345135F7B1} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [782136 2019-02-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F7E842B3-05F9-43B1-99DA-B721A0429552} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [16571320 2019-05-09] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {F7FCF7FA-74F2-411F-8A96-9437A2BF2D08} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-07-09] (Adobe Inc. -> Adobe)
Task: {F9E98384-03E9-485F-918C-C32A9B7AC0C0} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [899056 2019-05-22] (NVIDIA Corporation -> NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\update-S-1-5-21-2750190111-669293689-376763079-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{1880aad0-68fd-4493-8294-9516ebbb214c}: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{77be57ea-6ea6-4e1a-8881-156e39895989}: [DhcpNameServer] 10.0.0.1

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
SearchScopes: HKU\S-1-5-21-2750190111-669293689-376763079-1001 -> DefaultScope {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
SearchScopes: HKU\S-1-5-21-2750190111-669293689-376763079-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07122019135321779 -> DefaultScope {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
SearchScopes: HKU\S-1-5-21-2750190111-669293689-376763079-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07122019135409623 -> DefaultScope {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_211\bin\ssv.dll [2019-05-29] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_211\bin\jp2ssv.dll [2019-05-29] (Oracle America, Inc. -> Oracle Corporation)
Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL [2000-04-19] (Microsoft Corporation) [File not signed]

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.211.2 -> C:\Program Files\Java\jre1.8.0_211\bin\dtplugin\npDeployJava1.dll [2019-05-29] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.211.2 -> C:\Program Files\Java\jre1.8.0_211\bin\plugin2\npjp2.dll [2019-05-29] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-05-02] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: BYOND -> C:\Program Files (x86)\BYOND\bin\npbyond.dll [2008-07-08] (BYOND) [File not signed]

Chrome:
=======
CHR Profile: C:\Users\pilto\AppData\Local\Google\Chrome\User Data\Default [2019-07-12]
CHR Extension: (Slides) - C:\Users\pilto\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-11-03]
CHR Extension: (Docs) - C:\Users\pilto\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-03]
CHR Extension: (Google Drive) - C:\Users\pilto\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-16]
CHR Extension: (YouTube) - C:\Users\pilto\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-10-11]
CHR Extension: (uBlock Origin) - C:\Users\pilto\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2019-06-21]
CHR Extension: (Share on Rabbit) - C:\Users\pilto\AppData\Local\Google\Chrome\User Data\Default\Extensions\dplabnbcafdgpcjmibgkekpaejlfhnkl [2019-01-15]
CHR Extension: (Adobe Acrobat) - C:\Users\pilto\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-06-10]
CHR Extension: (Sheets) - C:\Users\pilto\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-03]
CHR Extension: (Google Docs Offline) - C:\Users\pilto\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-15]
CHR Extension: (GeForce Experience Stream Client) - C:\Users\pilto\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjljknijpnfibppaijefibndmiabonep [2019-01-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\pilto\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
CHR Extension: (Gmail) - C:\Users\pilto\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-24]
CHR Extension: (Chrome Media Router) - C:\Users\pilto\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-06-24]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD External Events Utility; C:\WINDOWS\system32\atiesrxx.exe [238080 2015-01-13] (Microsoft Windows Hardware Compatibility Publisher -> AMD)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8348064 2019-01-07] (BattlEye Innovations e.K. -> )
R2 CorsairService; C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.exe [50728 2019-05-08] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [781440 2018-12-09] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
S3 EvoSvc; C:\Program Files\Echobit\Evolve\EvoSvc.exe [1583488 2017-11-14] (Echobit, LLC -> Echobit LLC)
R2 GoogleIMEJaCacheService; C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaCacheService.exe [994256 2018-05-22] (Google Inc -> Google Inc.)
R2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [3361736 2019-04-02] (LogMeIn, Inc. -> LogMeIn Inc.)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-05-27] (LogMeIn, Inc. -> LogMeIn, Inc.)
R3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [782136 2019-02-27] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [782136 2019-02-27] (NVIDIA Corporation -> NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2329392 2019-06-11] (Electronic Arts, Inc. -> Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3203888 2019-06-11] (Electronic Arts, Inc. -> Electronic Arts)
R2 Parsec; C:\Program Files\Parsec\pservice.exe [190536 2018-07-27] (Parsec Cloud, Inc. -> Parsec)
R2 RealtekWlanU; C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RtlService.exe [48856 2014-10-09] (Realtek Semiconductor Corp -> Realtek)
S2 RTLDHCPService; C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RTLDHCP.exe [262360 2014-10-09] (Realtek Semiconductor Corp -> Realtek)
R2 RunSwUSB; C:\Windows\runSW.exe [44760 2018-11-01] (Realtek Semiconductor Corp -> )
R2 VIAKaraokeService; C:\WINDOWS\system32\viakaraokesrv.exe [36504 2015-06-22] (VIA Technologies Inc. -> VIA Technologies, Inc.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1906.3-0\NisSrv.exe [2455544 2019-07-08] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1906.3-0\MsMpEng.exe [110104 2019-07-08] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 amdkmdag; C:\WINDOWS\system32\DRIVERS\atikmdag.sys [11922944 2015-01-13] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
S3 amdkmdap; C:\WINDOWS\system32\DRIVERS\atikmpag.sys [359936 2015-01-13] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R3 CorsairGamingAudioService; C:\WINDOWS\system32\DRIVERS\CorsairGamingAudioamd64.sys [96144 2019-04-24] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.)
R3 CorsairVBusDriver; C:\WINDOWS\System32\drivers\CorsairVBusDriver.sys [45968 2019-04-18] (Microsoft Windows Hardware Compatibility Publisher -> Corsair)
R3 CorsairVHidDriver; C:\WINDOWS\System32\drivers\CorsairVHidDriver.sys [21904 2019-04-18] (Microsoft Windows Hardware Compatibility Publisher -> Corsair)
R3 cpuz148; C:\WINDOWS\temp\cpuz148\cpuz148_x64.sys [44648 2019-07-12] (CPUID S.A.R.L.U. -> CPUID)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation -> Malwarebytes)
S3 EvolveVirtualAdapter; C:\WINDOWS\System32\drivers\evolve.sys [21656 2017-11-14] (Echobit, LLC -> Echobit, LLC)
R3 Hamachi; C:\WINDOWS\System32\drivers\Hamdrv.sys [45680 2017-06-29] (Microsoft Windows Hardware Compatibility Publisher -> LogMeIn Inc.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [199768 2019-07-12] (Malwarebytes Corporation -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-06-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [224408 2019-07-12] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73584 2019-07-12] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [275232 2019-07-12] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [116112 2019-07-12] (Malwarebytes Corporation -> Malwarebytes)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_b49751b9038af669\nvlddmkm.sys [21836032 2019-05-23] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2019-05-10] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [69840 2019-04-17] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [75600 2019-04-16] (NVIDIA Corporation -> NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2018-04-11] (Microsoft Windows -> Realtek )
R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [14024 2017-08-27] (MICRO-STAR INTERNATIONAL CO., LTD. -> )
R3 RtlWlanu; C:\WINDOWS\System32\drivers\rtwlanu.sys [9860816 2019-05-30] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation )
S3 RtlWlanu_OldIC; C:\WINDOWS\System32\drivers\rtwlanu_oldIC.sys [3814400 2018-04-11] (Microsoft Windows -> Realtek Semiconductor Corporation )
S3 RvNetMP60; C:\WINDOWS\System32\drivers\RvNetMP60.sys [69048 2019-05-13] (Famatech Corp. -> Famatech Corp.)
R3 t_mouse.sys; C:\WINDOWS\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] (Microsoft Windows Hardware Compatibility Publisher -> )
R3 VIAHdAudAddService; C:\WINDOWS\system32\drivers\viahduaa.sys [701136 2015-06-22] (VIA Technologies Inc. -> VIA Technologies, Inc.)
R3 ViGEmBus; C:\WINDOWS\System32\drivers\ViGEmBus.sys [53128 2018-01-19] (Microsoft Windows Hardware Compatibility Publisher -> Benjamin Höglinger-Stelzer)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [47704 2019-07-08] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [367032 2019-07-08] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54200 2019-07-08] (Microsoft Windows -> Microsoft Corporation)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [47096 2018-02-04] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
S3 zttap300; C:\WINDOWS\System32\drivers\zttap300.sys [30488 2018-03-16] (ZeroTier Networks LLC -> ZeroTier Networks LLC)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-07-12 14:06 - 2019-07-12 14:06 - 046683168 _____ (Microsoft Corporation) C:\Users\pilto\Downloads\Windows-KB890830-x64-V5.73.exe
2019-07-12 14:03 - 2019-07-12 14:03 - 000224408 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2019-07-12 14:03 - 2019-07-12 14:03 - 000199768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2019-07-12 14:03 - 2019-07-12 14:03 - 000116112 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2019-07-12 14:03 - 2019-07-12 14:03 - 000073584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2019-07-12 14:01 - 2019-07-12 14:01 - 000275232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-07-12 00:19 - 2019-07-12 00:19 - 000000063 _____ C:\Users\pilto\AppData\Roaming\WB.CFG
2019-07-11 15:57 - 2019-07-12 14:16 - 000000000 ____D C:\FRST
2019-07-10 00:53 - 2019-07-10 00:53 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-07-10 00:53 - 2019-07-10 00:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-07-10 00:53 - 2019-06-26 13:00 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2019-07-10 00:53 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-07-10 00:52 - 2019-07-10 00:52 - 064488416 _____ (Malwarebytes ) C:\Users\pilto\Downloads\mb3-setup-consumer-3.8.3.2965-1.0.613-1.0.11466.exe
2019-07-01 00:54 - 2019-07-01 00:54 - 000159543 _____ C:\Users\pilto\Downloads\LuteBot 1.2.zip
2019-06-30 17:33 - 2019-07-01 01:02 - 000000000 ____D C:\Users\pilto\Downloads\Midi
2019-06-30 17:30 - 2019-05-26 17:52 - 000002816 _____ C:\Users\pilto\Downloads\Lutebot Songlist.txt
2019-06-30 17:30 - 2019-05-24 20:37 - 000001793 _____ C:\Users\pilto\Downloads\NOTICE ABOUT SERVER SPEED.txt
2019-06-30 17:29 - 2019-06-30 17:29 - 005915774 _____ C:\Users\pilto\Downloads\Fohshizle Bard pack Vol II.rar
2019-06-30 17:22 - 2019-06-30 17:22 - 000369244 _____ C:\Users\pilto\Downloads\Lutebot 2.0 Final.zip
2019-06-29 22:24 - 2019-06-29 22:24 - 000000000 ____D C:\Users\pilto\AppData\Local\CrashReportClient
2019-06-29 12:43 - 2019-06-29 12:43 - 000000000 ____D C:\Users\pilto\AppData\Local\N_A
2019-06-29 12:41 - 2019-06-29 12:41 - 010747392 _____ (N/A) C:\Users\pilto\Downloads\MordhauFrankenstein.exe
2019-06-28 16:48 - 2019-06-28 16:48 - 000000000 ____D C:\Users\pilto\AppData\Local\Utale backup
2019-06-28 16:45 - 2019-06-28 16:46 - 000000096 _____ C:\Users\pilto\Downloads\undertale.ini
2019-06-27 09:27 - 2019-06-27 09:27 - 000027028 _____ C:\Users\pilto\OneDrive\Documents\cc_20190627_092730.reg
2019-06-24 18:31 - 2019-06-24 18:31 - 000000000 ____D C:\Users\pilto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SURVEY_PROGRAM
2019-06-24 18:31 - 2019-06-24 18:31 - 000000000 ____D C:\Program Files (x86)\SURVEY_PROGRAM
2019-06-18 18:19 - 2019-06-18 18:19 - 000284108 _____ C:\Users\pilto\Downloads\UNDERTALE.CT
2019-06-18 18:19 - 2019-06-18 18:19 - 000000000 ____D C:\WINDOWS\System32\Tasks\{7068EF27-1543-9138-B212-1497762E4AB2}
2019-06-18 18:18 - 2019-06-18 18:19 - 000000000 ____D C:\ProgramData\{16622A5E-3E4A-5226-6612-7A0E8EFAA2D6}
2019-06-18 18:17 - 2019-06-18 18:41 - 000000000 ____D C:\Program Files (x86)\Segurazo
2019-06-18 18:17 - 2019-06-18 18:24 - 000000000 ____D C:\ProgramData\xaxmf
2019-06-18 18:17 - 2019-06-18 18:17 - 000000000 ____D C:\Users\pilto\OneDrive\Documents\My Cheat Tables
2019-06-18 18:17 - 2019-06-18 18:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Segurazo
2019-06-18 15:44 - 2019-06-18 15:44 - 000000000 ____D C:\Program Files\UNP
2019-06-17 23:52 - 2019-06-17 23:52 - 000000000 ____D C:\Users\pilto\AppData\Local\FromSoftware
2019-06-14 22:30 - 2019-06-14 22:30 - 080997222 _____ () C:\Users\pilto\Downloads\SURVEY_PROGRAM_WINDOWS_ENGLISH.exe
2019-06-12 11:36 - 2019-06-07 04:04 - 021388752 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2019-06-12 11:36 - 2019-06-07 04:04 - 001633136 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-06-12 11:36 - 2019-06-07 03:48 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-06-12 11:36 - 2019-06-07 03:47 - 000059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2019-06-12 11:36 - 2019-06-07 03:45 - 012756480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-06-12 11:36 - 2019-06-07 03:42 - 003613696 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-06-12 11:36 - 2019-06-07 03:41 - 004055552 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-06-12 11:36 - 2019-06-07 03:40 - 001663488 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-06-12 11:36 - 2019-06-07 03:40 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-06-12 11:36 - 2019-06-07 03:23 - 001453920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-06-12 11:36 - 2019-06-07 03:19 - 020383832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2019-06-12 11:36 - 2019-06-07 03:10 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2019-06-12 11:36 - 2019-06-07 03:07 - 011942400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-06-12 11:36 - 2019-06-07 03:04 - 004056064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-06-12 11:36 - 2019-06-07 03:04 - 002881536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-06-12 11:36 - 2019-06-07 03:04 - 001471488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-06-12 11:36 - 2019-06-06 23:07 - 000707384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2019-06-12 11:36 - 2019-06-06 23:01 - 001035040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-06-12 11:36 - 2019-06-06 22:58 - 001220112 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-06-12 11:36 - 2019-06-06 22:58 - 001027384 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-06-12 11:36 - 2019-06-06 22:58 - 000568320 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-06-12 11:36 - 2019-06-06 22:58 - 000422416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmicmiplugin.dll
2019-06-12 11:36 - 2019-06-06 22:58 - 000135176 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-06-12 11:36 - 2019-06-06 22:58 - 000076304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-06-12 11:36 - 2019-06-06 22:57 - 007519896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-06-12 11:36 - 2019-06-06 22:57 - 007436536 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-06-12 11:36 - 2019-06-06 22:57 - 002811192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-06-12 11:36 - 2019-06-06 22:57 - 002719032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2019-06-12 11:36 - 2019-06-06 22:57 - 001934808 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2019-06-12 11:36 - 2019-06-06 22:57 - 001209696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2019-06-12 11:36 - 2019-06-06 22:57 - 000792888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2019-06-12 11:36 - 2019-06-06 22:57 - 000709728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2019-06-12 11:36 - 2019-06-06 22:57 - 000594024 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2019-06-12 11:36 - 2019-06-06 22:57 - 000494304 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2019-06-12 11:36 - 2019-06-06 22:57 - 000435000 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2019-06-12 11:36 - 2019-06-06 22:57 - 000413720 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2019-06-12 11:36 - 2019-06-06 22:57 - 000412984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2019-06-12 11:36 - 2019-06-06 22:57 - 000383504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2019-06-12 11:36 - 2019-06-06 22:57 - 000170296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2019-06-12 11:36 - 2019-06-06 22:57 - 000148280 _____ (Microsoft Corporation) C:\WINDOWS\system32\userenv.dll
2019-06-12 11:36 - 2019-06-06 22:57 - 000137448 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2019-06-12 11:36 - 2019-06-06 22:56 - 009084216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-06-12 11:36 - 2019-06-06 22:56 - 000713272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-06-12 11:36 - 2019-06-06 22:47 - 000380432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2019-06-12 11:36 - 2019-06-06 22:47 - 000097272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2019-06-12 11:36 - 2019-06-06 22:46 - 006569344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-06-12 11:36 - 2019-06-06 22:46 - 006043496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-06-12 11:36 - 2019-06-06 22:46 - 001805656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2019-06-12 11:36 - 2019-06-06 22:46 - 001011872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2019-06-12 11:36 - 2019-06-06 22:46 - 000581048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2019-06-12 11:36 - 2019-06-06 22:46 - 000357072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2019-06-12 11:36 - 2019-06-06 22:46 - 000128792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\userenv.dll
2019-06-12 11:36 - 2019-06-06 22:38 - 025857536 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-06-12 11:36 - 2019-06-06 22:37 - 022019584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-06-12 11:36 - 2019-06-06 22:31 - 019372544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-06-12 11:36 - 2019-06-06 22:27 - 022718976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-06-12 11:36 - 2019-06-06 22:24 - 005784064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-06-12 11:36 - 2019-06-06 22:24 - 003400704 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-06-12 11:36 - 2019-06-06 22:24 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2019-06-12 11:36 - 2019-06-06 22:23 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-06-12 11:36 - 2019-06-06 22:23 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2019-06-12 11:36 - 2019-06-06 22:23 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-06-12 11:36 - 2019-06-06 22:22 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-06-12 11:36 - 2019-06-06 22:22 - 003710976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-06-12 11:36 - 2019-06-06 22:22 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-06-12 11:36 - 2019-06-06 22:22 - 000233984 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2019-06-12 11:36 - 2019-06-06 22:22 - 000216064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdigest.dll
2019-06-12 11:36 - 2019-06-06 22:21 - 007588864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-06-12 11:36 - 2019-06-06 22:21 - 004866048 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-06-12 11:36 - 2019-06-06 22:21 - 001778688 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2019-06-12 11:36 - 2019-06-06 22:21 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-06-12 11:36 - 2019-06-06 22:21 - 000473600 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2019-06-12 11:36 - 2019-06-06 22:21 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-06-12 11:36 - 2019-06-06 22:20 - 002610688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2019-06-12 11:36 - 2019-06-06 22:20 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2019-06-12 11:36 - 2019-06-06 22:20 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-06-12 11:36 - 2019-06-06 22:20 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2019-06-12 11:36 - 2019-06-06 22:19 - 003212288 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2019-06-12 11:36 - 2019-06-06 22:19 - 002175488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-06-12 11:36 - 2019-06-06 22:19 - 001560576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-06-12 11:36 - 2019-06-06 22:19 - 001549824 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2019-06-12 11:36 - 2019-06-06 22:19 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2019-06-12 11:36 - 2019-06-06 22:19 - 000369664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskcomp.dll
2019-06-12 11:36 - 2019-06-06 22:18 - 002166784 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-06-12 11:36 - 2019-06-06 22:18 - 000686592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2019-06-12 11:36 - 2019-06-06 22:18 - 000531968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-06-12 11:36 - 2019-06-06 22:17 - 001920000 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2019-06-12 11:36 - 2019-06-06 22:17 - 000961024 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2019-06-12 11:36 - 2019-06-06 22:17 - 000889344 _____ (Microsoft
Corporation) C:\WINDOWS\system32\schedsvc.dll 2019-06-12 11:36 - 2019-06-06 22:16 - 000900096 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll 2019-06-12 11:36 - 2019-06-06 22:16 - 000544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2019-06-12 11:36 - 2019-06-06 22:16 - 000478720 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskcomp.dll 2019-06-12 11:36 - 2019-06-06 21:00 - 000001308 _____ C:\WINDOWS\system32\tcbres.wim 2019-06-12 11:36 - 2019-05-18 15:12 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll 2019-06-12 11:36 - 2019-05-18 15:12 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll 2019-06-12 11:36 - 2019-05-18 15:12 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll 2019-06-12 11:36 - 2019-05-18 15:12 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll 2019-06-12 11:36 - 2019-05-17 05:44 - 000348160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe 2019-06-12 11:36 - 2019-05-17 05:40 - 002394960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVCORE.DLL 2019-06-12 11:36 - 2019-05-17 05:40 - 000280888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys 2019-06-12 11:36 - 2019-05-17 05:27 - 006586880 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2019-06-12 11:36 - 2019-05-17 05:26 - 004393984 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll 2019-06-12 11:36 - 2019-05-17 05:25 - 004718080 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll 2019-06-12 11:36 - 2019-05-17 05:25 - 004491264 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe 2019-06-12 11:36 - 2019-05-17 05:25 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsUpdateElevatedInstaller.exe 2019-06-12 11:36 - 2019-05-17 05:24 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll 2019-06-12 11:36 - 2019-05-17 05:23 
- 000110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\AxInstSv.dll 2019-06-12 11:36 - 2019-05-17 05:22 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2019-06-12 11:36 - 2019-05-17 05:22 - 000182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\LanguageComponentsInstaller.dll 2019-06-12 11:36 - 2019-05-17 05:21 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll 2019-06-12 11:36 - 2019-05-17 05:21 - 001121792 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll 2019-06-12 11:36 - 2019-05-17 05:21 - 000878592 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll 2019-06-12 11:36 - 2019-05-17 05:21 - 000274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3gpui.dll 2019-06-12 11:36 - 2019-05-17 05:21 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2019-06-12 11:36 - 2019-05-17 05:20 - 002084864 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2019-06-12 11:36 - 2019-05-17 05:19 - 000757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2019-06-12 11:36 - 2019-05-17 05:07 - 002206424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVCORE.DLL 2019-06-12 11:36 - 2019-05-17 05:00 - 005658112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll 2019-06-12 11:36 - 2019-05-17 04:58 - 003397632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe 2019-06-12 11:36 - 2019-05-17 04:56 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2019-06-12 11:36 - 2019-05-17 04:56 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dot3gpui.dll 2019-06-12 11:36 - 2019-05-17 04:55 - 000704000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll 2019-06-12 11:36 - 2019-05-17 04:55 - 000668160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2019-06-12 11:36 - 2019-05-17 04:55 - 000470528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcSpecfc.dll 2019-06-12 11:36 - 
2019-05-17 04:54 - 002016768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2019-06-12 11:36 - 2019-05-17 04:54 - 000908288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll 2019-06-12 11:36 - 2019-05-17 02:33 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll 2019-06-12 11:36 - 2019-05-17 01:52 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll 2019-06-12 11:36 - 2019-05-17 00:07 - 000105272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys 2019-06-12 11:36 - 2019-05-16 23:44 - 000829960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe 2019-06-12 11:36 - 2019-05-16 23:44 - 000550520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll 2019-06-12 11:36 - 2019-05-16 23:43 - 000297688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtapi.dll 2019-06-12 11:36 - 2019-05-16 23:42 - 005625160 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll 2019-06-12 11:36 - 2019-05-16 23:42 - 004789944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll 2019-06-12 11:36 - 2019-05-16 23:42 - 002256560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2019-06-12 11:36 - 2019-05-16 23:42 - 001989552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll 2019-06-12 11:36 - 2019-05-16 23:42 - 001980256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll 2019-06-12 11:36 - 2019-05-16 23:42 - 001620264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll 2019-06-12 11:36 - 2019-05-16 23:42 - 001380096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll 2019-06-12 11:36 - 2019-05-16 23:42 - 001130568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll 2019-06-12 11:36 - 2019-05-16 23:42 - 000129088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll 2019-06-12 11:36 - 2019-05-16 23:42 - 000125504 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\KerbClientShared.dll 2019-06-12 11:36 - 2019-05-16 23:30 - 013878784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll 2019-06-12 11:36 - 2019-05-16 23:26 - 002969600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll 2019-06-12 11:36 - 2019-05-16 23:23 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dtdump.exe 2019-06-12 11:36 - 2019-05-16 23:23 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll 2019-06-12 11:36 - 2019-05-16 23:23 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll 2019-06-12 11:36 - 2019-05-16 23:22 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallServiceTasks.dll 2019-06-12 11:36 - 2019-05-16 23:22 - 000031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll 2019-06-12 11:36 - 2019-05-16 23:21 - 000333824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll 2019-06-12 11:36 - 2019-05-16 23:21 - 000326144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esentutl.exe 2019-06-12 11:36 - 2019-05-16 23:21 - 000224768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll 2019-06-12 11:36 - 2019-05-16 23:20 - 000366080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll 2019-06-12 11:36 - 2019-05-16 23:20 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll 2019-06-12 11:36 - 2019-05-16 23:19 - 004515840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2019-06-12 11:36 - 2019-05-16 23:19 - 001630720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2019-06-12 11:36 - 2019-05-16 23:19 - 001110528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll 2019-06-12 11:36 - 2019-05-16 23:19 - 001073664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll 2019-06-12 11:36 - 2019-05-16 23:19 - 000873472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll 2019-06-12 11:36 - 2019-05-16 23:19 - 
000835584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll 2019-06-12 11:36 - 2019-05-16 23:18 - 002796032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll 2019-06-12 11:36 - 2019-05-16 23:18 - 001006592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll 2019-06-12 11:36 - 2019-05-16 23:18 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll 2019-06-12 11:36 - 2019-05-16 23:08 - 001063224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi 2019-06-12 11:36 - 2019-05-16 23:08 - 000723432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll 2019-06-12 11:36 - 2019-05-16 23:08 - 000491200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll 2019-06-12 11:36 - 2019-05-16 23:08 - 000401328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtapi.dll 2019-06-12 11:36 - 2019-05-16 23:07 - 004404720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll 2019-06-12 11:36 - 2019-05-16 23:07 - 002768960 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2019-06-12 11:36 - 2019-05-16 23:07 - 002571640 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll 2019-06-12 11:36 - 2019-05-16 23:07 - 002467320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll 2019-06-12 11:36 - 2019-05-16 23:07 - 001459120 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2019-06-12 11:36 - 2019-05-16 23:07 - 001288712 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll 2019-06-12 11:36 - 2019-05-16 23:07 - 001260272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe 2019-06-12 11:36 - 2019-05-16 23:07 - 000930616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe 2019-06-12 11:36 - 2019-05-16 23:07 - 000275768 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll 2019-06-12 11:36 - 2019-05-16 23:07 - 000260800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll 2019-06-12 11:36 - 2019-05-16 23:06 - 001943136 _____ 
(Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2019-06-12 11:36 - 2019-05-16 23:06 - 001784696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll 2019-06-12 11:36 - 2019-05-16 23:06 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll 2019-06-12 11:36 - 2019-05-16 23:06 - 001140992 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi 2019-06-12 11:36 - 2019-05-16 23:06 - 001098056 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll 2019-06-12 11:36 - 2019-05-16 23:06 - 000983424 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe 2019-06-12 11:36 - 2019-05-16 23:06 - 000151888 _____ (Microsoft Corporation) C:\WINDOWS\system32\KerbClientShared.dll 2019-06-12 11:36 - 2019-05-16 23:04 - 001826816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll 2019-06-12 11:36 - 2019-05-16 23:00 - 001295360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll 2019-06-12 11:36 - 2019-05-16 22:44 - 016597504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll 2019-06-12 11:36 - 2019-05-16 22:38 - 004709376 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll 2019-06-12 11:36 - 2019-05-16 22:37 - 004385280 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll 2019-06-12 11:36 - 2019-05-16 22:37 - 000185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallServiceTasks.dll 2019-06-12 11:36 - 2019-05-16 22:37 - 000108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DuCsps.dll 2019-06-12 11:36 - 2019-05-16 22:36 - 000228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys 2019-06-12 11:36 - 2019-05-16 22:36 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatecsp.dll 2019-06-12 11:36 - 2019-05-16 22:36 - 000096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll 2019-06-12 11:36 - 2019-05-16 22:36 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll 2019-06-12 11:36 - 
2019-05-16 22:36 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\UsoClient.exe 2019-06-12 11:36 - 2019-05-16 22:36 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll 2019-06-12 11:36 - 2019-05-16 22:36 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll 2019-06-12 11:36 - 2019-05-16 22:35 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe 2019-06-12 11:36 - 2019-05-16 22:35 - 000362496 _____ (Microsoft Corporation) C:\WINDOWS\system32\esentutl.exe 2019-06-12 11:36 - 2019-05-16 22:35 - 000322560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe 2019-06-12 11:36 - 2019-05-16 22:34 - 001804288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll 2019-06-12 11:36 - 2019-05-16 22:34 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll 2019-06-12 11:36 - 2019-05-16 22:34 - 000671744 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll 2019-06-12 11:36 - 2019-05-16 22:34 - 000275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe 2019-06-12 11:36 - 2019-05-16 22:34 - 000270336 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll 2019-06-12 11:36 - 2019-05-16 22:34 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll 2019-06-12 11:36 - 2019-05-16 22:34 - 000141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll 2019-06-12 11:36 - 2019-05-16 22:34 - 000047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscore.dll 2019-06-12 11:36 - 2019-05-16 22:33 - 003091456 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll 2019-06-12 11:36 - 2019-05-16 22:33 - 002912256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2019-06-12 11:36 - 2019-05-16 22:33 - 002370560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll 2019-06-12 11:36 - 2019-05-16 22:33 - 001487360 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\InstallService.dll 2019-06-12 11:36 - 2019-05-16 22:33 - 001214464 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll 2019-06-12 11:36 - 2019-05-16 22:33 - 000787968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys 2019-06-12 11:36 - 2019-05-16 22:33 - 000270336 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll 2019-06-12 11:36 - 2019-05-16 22:32 - 001070080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll 2019-06-12 11:36 - 2019-05-16 22:32 - 000815104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll 2019-06-12 11:36 - 2019-05-16 22:31 - 004937216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2019-06-12 11:36 - 2019-05-16 22:31 - 003376640 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll 2019-06-12 11:36 - 2019-05-16 22:31 - 003293184 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll 2019-06-12 11:36 - 2019-05-16 22:31 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll 2019-06-12 11:36 - 2019-05-16 22:31 - 001805312 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2019-06-12 11:36 - 2019-05-16 22:31 - 001383424 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll 2019-06-12 11:36 - 2019-05-16 22:31 - 001215488 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll 2019-06-12 11:36 - 2019-05-16 22:31 - 001211904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll 2019-06-12 11:36 - 2019-05-16 22:31 - 001027584 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll 2019-06-12 11:36 - 2019-05-16 22:31 - 000620032 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll 2019-06-12 11:36 - 2019-05-16 22:31 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll 2019-06-12 11:36 - 2019-05-16 22:30 - 000917504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2019-06-12 11:36 - 2019-05-16 
22:30 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll 2019-06-12 11:36 - 2019-05-16 22:30 - 000276992 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll ==================== One month (modified) ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2019-07-12 14:19 - 2018-04-11 16:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2019-07-12 14:07 - 2017-10-11 02:24 - 135349160 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2019-07-12 14:05 - 2018-05-23 05:03 - 000003492 _____ C:\WINDOWS\System32\Tasks\Launcher GIGABYTE XTREME GAMING ENGINE 2019-07-12 14:01 - 2017-10-11 02:03 - 000000000 ____D C:\Program Files (x86)\Steam 2019-07-12 13:59 - 2017-11-14 17:26 - 000000000 ____D C:\Users\pilto\AppData\Local\LogMeIn Hamachi 2019-07-12 13:55 - 2017-10-10 23:55 - 000000000 ____D C:\ProgramData\NVIDIA 2019-07-12 13:54 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\AppReadiness 2019-07-12 13:51 - 2018-05-23 05:03 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2019-07-12 13:51 - 2018-05-23 04:33 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2019-07-12 13:22 - 2018-05-23 05:03 - 000004160 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B699DAB3-0645-4D7D-83C8-E36DEE53BD85} 2019-07-12 13:15 - 2019-05-29 17:14 - 000004210 _____ C:\WINDOWS\System32\Tasks\CCleaner Update 2019-07-12 13:11 - 2018-04-11 16:30 - 000000000 ____D C:\WINDOWS\CbsTemp 2019-07-12 00:49 - 2018-08-29 12:47 - 000000000 ____D C:\Users\pilto\Downloads\LuteBot 1.2 2019-07-11 17:05 - 2018-04-11 16:38 - 000000000 ___HD C:\Program Files\WindowsApps 2019-07-10 13:51 - 2019-05-23 16:19 - 000000000 ____D C:\Program Files (x86)\MSI Afterburner 2019-07-10 00:53 - 2018-10-30 15:10 - 000000000 ____D C:\ProgramData\Malwarebytes 2019-07-10 00:53 - 2018-04-11 16:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP 2019-07-10 00:35 - 2018-01-14 06:43 - 000000000 ____D C:\Users\pilto\AppData\Local\Packages 2019-07-10 00:22 - 2017-10-11 12:34 
- 000000000 ____D C:\Users\pilto\AppData\Local\CrashDumps 2019-07-09 23:24 - 2017-10-11 02:24 - 000000000 ____D C:\WINDOWS\system32\MRT 2019-07-09 22:55 - 2017-10-11 02:27 - 000741432 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe 2019-07-09 18:26 - 2018-05-23 05:03 - 000004606 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier 2019-07-09 18:26 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed 2019-07-09 18:26 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\system32\Macromed 2019-07-08 21:33 - 2018-02-26 01:50 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd 2019-07-08 15:32 - 2018-05-24 18:48 - 000000000 ____D C:\Users\pilto\AppData\Local\D3DSCache 2019-07-06 22:17 - 2018-04-11 14:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI 2019-07-06 12:37 - 2017-10-22 22:25 - 000000000 ____D C:\Users\pilto\OneDrive\Documents\BYOND 2019-07-06 00:24 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports 2019-07-06 00:24 - 2018-04-11 16:36 - 000000000 ____D C:\WINDOWS\INF 2019-07-04 15:47 - 2018-05-23 04:53 - 000838560 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2019-07-04 15:29 - 2018-05-23 04:40 - 000000000 ____D C:\Users\pilto 2019-07-04 15:28 - 2019-05-29 16:52 - 000003148 _____ C:\WINDOWS\System32\Tasks\MSIAfterburner 2019-07-04 15:05 - 2019-02-12 19:23 - 000000000 ____D C:\Program Files (x86)\Origin 2019-07-04 01:24 - 2017-10-11 01:45 - 000000000 ____D C:\Users\pilto\AppData\Roaming\discord 2019-07-03 15:33 - 2018-05-23 05:03 - 000003382 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2750190111-669293689-376763079-1001 2019-07-03 15:33 - 2018-05-23 04:40 - 000002363 _____ C:\Users\pilto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2019-07-03 15:33 - 2017-10-11 00:12 - 000000000 ___RD C:\Users\pilto\OneDrive 2019-07-02 17:27 - 2017-10-11 00:11 - 000000000 ____D C:\Users\pilto\AppData\Local\Comms 2019-07-01 00:49 - 2019-05-26 05:29 - 000000000 ____D 
C:\Users\pilto\Downloads\Lutebot 2.0 Final 2019-06-28 20:19 - 2018-06-16 21:44 - 000000000 ____D C:\ProgramData\Packages 2019-06-28 18:26 - 2019-06-06 16:14 - 000000000 ____D C:\Users\pilto\AppData\Local\UNDERTALE 2019-06-27 22:30 - 2018-04-01 13:20 - 000000000 ____D C:\Users\pilto\OneDrive\Documents\my games 2019-06-27 18:39 - 2019-02-22 23:19 - 000000000 ____D C:\Users\pilto\OneDrive\Documents\SavedGames 2019-06-24 19:05 - 2018-10-31 21:13 - 000000000 ____D C:\Users\pilto\AppData\Local\DELTARUNE 2019-06-20 23:27 - 2017-10-11 01:34 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2019-06-20 23:27 - 2017-10-11 01:34 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2019-06-20 18:40 - 2018-01-11 22:15 - 000000000 ____D C:\Program Files\rempl 2019-06-17 23:52 - 2018-04-01 13:20 - 000000000 ____D C:\Users\pilto\OneDrive\Documents\nbgi 2019-06-13 23:13 - 2017-10-11 02:11 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2019-06-13 15:09 - 2017-10-14 21:27 - 000000000 ___RD C:\Users\pilto\3D Objects 2019-06-13 15:09 - 2017-10-11 00:08 - 000000000 __RHD C:\Users\Public\AccountPictures 2019-06-13 15:07 - 2018-05-23 04:33 - 000441160 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2019-06-13 01:16 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\TextInput 2019-06-13 01:16 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\ShellExperiences 2019-06-13 01:16 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\Provisioning 2019-06-13 01:16 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\bcastdvr ==================== Files in the root of some directories ================ 2019-07-12 00:19 - 2019-07-12 00:19 - 000000063 _____ () C:\Users\pilto\AppData\Roaming\WB.CFG 2017-10-11 02:21 - 2017-10-11 02:21 - 000000003 _____ () C:\Users\pilto\AppData\Local\updater.log 2017-10-11 02:21 - 2017-10-11 02:21 - 000000425 _____ () C:\Users\pilto\AppData\Local\UserProducts.xml ==================== SigCheck 
=============================== (There is no automatic fix for files that do not pass verification.) ==================== End of FRST.txt ============================
  7. Yup! The folder and files are gone, I've deleted the quarantined files from my pc, and I'm gonna run one more threat scan on MB. Thanks for all your help! ❤️
  8. Started On Tue Jul 9 23:20:19 2019 Engine: 1.1.16000.6 Signatures: 1.295.1362.0 MpGear: 1.1.15747.1 Run Mode: Scan Run From Windows Update Results Summary: ---------------- No infection found. Successfully Submitted Heartbeat Report Microsoft Windows Malicious Software Removal Tool Finished On Tue Jul 9 23:24:46 2019 Return code: 0 (0x0) --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v5.73, June 2019 (build 5.73.16044.1) Started On Fri Jul 12 14:07:05 2019 Engine: 1.1.15900.4 Signatures: 1.293.2420.0 MpGear: 1.1.15747.1 Run Mode: Interactive Graphical Mode Results Summary: ---------------- No infection found. Successfully Submitted Heartbeat Report Microsoft Windows Malicious Software Removal Tool Finished On Fri Jul 12 14:12:04 2019 Return code: 0 (0x0)
  9. Malwarebytes
     www.malwarebytes.com

     -Log Details-
     Scan Date: 7/12/19
     Scan Time: 1:25 PM
     Log File: 2cc089a2-a4e3-11e9-a724-74d4359e2dfd.json

     -Software Information-
     Version: 3.8.3.2965
     Components Version: 1.0.613
     Update Package Version: 1.0.11524
     License: Trial

     -System Information-
     OS: Windows 10 (Build 17134.829)
     CPU: x64
     File System: NTFS
     User: KINGDOMMATRIX\Lily Black

     -Scan Summary-
     Scan Type: Threat Scan
     Scan Initiated By: Manual
     Result: Completed
     Objects Scanned: 320379
     Threats Detected: 5
     Threats Quarantined: 5
     Time Elapsed: 22 min, 23 sec

     -Scan Options-
     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Enabled
     Heuristics: Enabled
     PUP: Detect
     PUM: Detect

     -Scan Details-
     Process: 0
     (No malicious items detected)

     Module: 0
     (No malicious items detected)

     Registry Key: 0
     (No malicious items detected)

     Registry Value: 0
     (No malicious items detected)

     Registry Data: 1
     PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Replaced, [240], [707490],1.0.11524

     Data Stream: 0
     (No malicious items detected)

     Folder: 1
     Adware.WinYahoo.TskLnk, C:\PROGRAM FILES (X86)\COMMON FILES\KUFITOSILELU, Quarantined, [1719], [707482],1.0.11524

     File: 3
     Adware.WinYahoo.TskLnk, C:\Program Files (x86)\Common Files\Kufitosilelu\dagob.exe, Quarantined, [1719], [707482],1.0.11524
     Adware.WinYahoo.TskLnk, C:\Program Files (x86)\Common Files\Kufitosilelu\gupatul, Quarantined, [1719], [707482],1.0.11524
     Adware.WinYahoo.TskLnk, C:\Program Files (x86)\Common Files\Kufitosilelu\pukiku.txt, Quarantined, [1719], [707482],1.0.11524

     Physical Sector: 0
     (No malicious items detected)

     WMI: 0
     (No malicious items detected)

     (end)
  10. Alright, I've scanned it on VirusTotal, and as I was scanning it, Malwarebytes threw up a popup saying it blocked dagob.exe and its folder, and needed me to restart my computer to complete the quarantine. Here's the link to the VirusTotal scan: https://www.virustotal.com/gui/file/94eda44ae8f3574a628c02cd018882f5cefe067de33802e49780af3065f60e30/detection Let me finish up with your instructions, then I'm going to restart my PC.
  11. I would like to make an addendum to my prior statements. The last time I got a popup last night was when I finally deleted quarantined files. And have yet to receive a popup since. But I'm not too keen that it won't come back.
  12. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10-07-2019 Ran by Lily Black (administrator) on KINGDOMMATRIX (Gigabyte Technology Co., Ltd. GA-78LMT-USB3) (11-07-2019 15:58:41) Running from C:\Users\pilto\OneDrive\Desktop Loaded Profiles: Lily Black & (Available Profiles: Lily Black & D-Class Personel) Platform: Windows 10 Home Version 1803 17134.829 (X64) Language: English (United States) Default browser: Chrome Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
-> Parsec) C:\Program Files\Parsec\pservice.exe (Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Realtek Semiconductor Corp -> ) C:\Windows\runSW.exe (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp -> Realtek) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RtlService.exe (Realtek Semiconductor Corp. -> Realtek) C:\Windows\SwUSB.exe (Spotify AB -> Spotify Ltd) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.110.540.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.110.540.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.110.540.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.110.540.0_x86__zpdnekdrzrea0\Spotify.exe (Valve -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe (VIA Technologies Inc. -> VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe Failed to access process -> LockApp.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
      HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
      HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2013-04-09] (Microsoft Windows Hardware Compatibility Publisher -> Pixart Imaging Inc)
      HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2017-04-11] (OOO Lightshot -> )
      HKLM-x32\...\Run: [Google Japanese Input Prelauncher] => C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaBroker32.exe [1806800 2018-05-22] (Google Inc -> Google Inc.)
      HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5890504 2019-04-02] (LogMeIn, Inc. -> LogMeIn Inc.)
      HKLM-x32\...\Run: [CORSAIR iCUE Software] => C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\iCUE Launcher.exe [405032 2019-05-08] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
      HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [645456 2019-04-01] (Oracle America, Inc. -> Oracle Corporation)
      HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
      HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07112019155043958\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
      HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
      HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07112019155045998\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
      HKU\S-1-5-21-2750190111-669293689-376763079-1001\...\Run: [Discord] => C:\Users\pilto\AppData\Local\Discord\app-0.0.305\Discord.exe [81780056 2019-03-07] (Discord Inc. -> Discord Inc.)
      HKU\S-1-5-21-2750190111-669293689-376763079-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3148576 2019-06-17] (Valve -> Valve Corporation)
      HKU\S-1-5-21-2750190111-669293689-376763079-1001\...\Run: [Parsec.App.0] => C:\Users\pilto\AppData\Roaming\Parsec\electron\parsec.exe [80666112 2018-07-27] (Parsec Cloud, Inc.) [File not signed]
      HKU\S-1-5-21-2750190111-669293689-376763079-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22588760 2019-05-09] (Piriform Software Ltd -> Piriform Software Ltd)
      HKU\S-1-5-21-2750190111-669293689-376763079-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07112019155048775\...\Run: [Discord] => C:\Users\pilto\AppData\Local\Discord\app-0.0.305\Discord.exe [81780056 2019-03-07] (Discord Inc. -> Discord Inc.)
      HKU\S-1-5-21-2750190111-669293689-376763079-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07112019155048775\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3148576 2019-06-17] (Valve -> Valve Corporation)
      HKU\S-1-5-21-2750190111-669293689-376763079-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07112019155048775\...\Run: [Parsec.App.0] => C:\Users\pilto\AppData\Roaming\Parsec\electron\parsec.exe [80666112 2018-07-27] (Parsec Cloud, Inc.) [File not signed]
      HKU\S-1-5-21-2750190111-669293689-376763079-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07112019155048775\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22588760 2019-05-09] (Piriform Software Ltd -> Piriform Software Ltd)
      HKU\S-1-5-21-2750190111-669293689-376763079-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07112019155054730\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
      HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\75.0.3770.100\Installer\chrmstp.exe [2019-06-20] (Google LLC -> Google LLC)
      Startup: C:\Users\pilto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GIGABYTE XTREME GAMING ENGINE.lnk [2017-10-11]
      ShortcutTarget: GIGABYTE XTREME GAMING ENGINE.lnk -> C:\Program Files (x86)\GIGABYTE\XTREME GAMING ENGINE\autorun.exe (GIGA-BYTE TECHNOLOGY CO., LTD. -> )

      ==================== Scheduled Tasks (Whitelisted) =============

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      Task: {185B3770-4CA1-4095-80B2-2EBE7FE74B91} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_223_pepper.exe [1453112 2019-07-09] (Adobe Inc. -> Adobe)
      Task: {334E9D5C-13CA-44B9-AAAB-8E0A805EB0F2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1906.3-0\MpCmdRun.exe [470176 2019-07-08] (Microsoft Windows Publisher -> Microsoft Corporation)
      Task: {35094ED8-3C7E-4A35-B2D4-49A7E92472D2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-10-11] (Google Inc -> Google Inc.)
      Task: {3B8CC85E-22BA-43D4-A966-DB3726ADBBA4} - System32\Tasks\Launcher GIGABYTE XTREME GAMING ENGINE => C:\Program Files (x86)\GIGABYTE\XTREME GAMING ENGINE\Xtreme.exe [79390864 2017-04-12] (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGABYTE Technology Co.,Ltd.)
      Task: {42566D26-D4C1-4DE6-B8CE-63284A8CB72F} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [781808 2019-04-21] (MICRO-STAR INTERNATIONAL CO., LTD. -> )
      Task: {430EF5F7-A1DF-40B3-86AB-E011CA9EA9E3} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3787304 2019-05-23] (NVIDIA Corporation -> NVIDIA Corporation)
      Task: {50F75EF4-64E9-4AE7-887C-C8155B329860} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1906.3-0\MpCmdRun.exe [470176 2019-07-08] (Microsoft Windows Publisher -> Microsoft Corporation)
      Task: {811636EB-3CCE-41DD-BBE5-CAF80F5AC784} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-10-11] (Google Inc -> Google Inc.)
      Task: {857A1027-55A0-430F-A1DF-584AF1593734} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1130296 2019-05-22] (NVIDIA Corporation -> NVIDIA Corporation)
      Task: {88972D16-051A-4E68-9DE1-CF034CFBE065} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1906.3-0\MpCmdRun.exe [470176 2019-07-08] (Microsoft Windows Publisher -> Microsoft Corporation)
      Task: {88AC76D1-0589-41A5-BD5D-CA415B34B1C0} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
      Task: {8B081278-4B69-44B5-B47A-6F9BCDB715F2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1906.3-0\MpCmdRun.exe [470176 2019-07-08] (Microsoft Windows Publisher -> Microsoft Corporation)
      Task: {8F20F2B8-526D-423C-B3D3-96C54E9A43F0} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1130296 2019-05-22] (NVIDIA Corporation -> NVIDIA Corporation)
      Task: {977A260D-6C2A-46ED-B904-2D8FA17B8B22} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [782136 2019-02-27] (NVIDIA Corporation -> NVIDIA Corporation)
      Task: {A6433F79-C4B4-45CD-95ED-5BC8ED9A631D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
      Task: {ACDE6563-A7A9-4E99-AFBA-95A63FCB3589} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-05-09] (Piriform Software Ltd -> Piriform Software Ltd)
      Task: {B0187E86-56D8-4093-BD5B-6AAEB2FB7ADF} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1130296 2019-05-22] (NVIDIA Corporation -> NVIDIA Corporation)
      Task: {BF422DF7-EDD1-49C9-B79D-0F3B1B964910} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [899056 2019-05-22] (NVIDIA Corporation -> NVIDIA Corporation)
      Task: {C7DC9381-200A-4C16-8F11-443FE7D87377} - System32\Tasks\update-S-1-5-21-2750190111-669293689-376763079-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
      Task: {D1D9E2B3-D04E-4452-B1F4-B3E97505D209} - System32\Tasks\{7068EF27-1543-9138-B212-1497762E4AB2}\dagob => C:\Program Files (x86)\Common Files\Kufitosilelu\dagob.exe [1980416 2013-05-07] () [File not signed]
      Task: {E9456FE0-5491-438A-B78A-3DC54FC57B67} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [648504 2019-05-22] (NVIDIA Corporation -> NVIDIA Corporation)
      Task: {EBA6571C-8CC2-4EBD-9120-AEE494A85B3B} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1130296 2019-05-22] (NVIDIA Corporation -> NVIDIA Corporation)
      Task: {F762A603-C367-467D-9C67-27345135F7B1} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [782136 2019-02-27] (NVIDIA Corporation -> NVIDIA Corporation)
      Task: {F7E842B3-05F9-43B1-99DA-B721A0429552} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [16571320 2019-05-09] (Piriform Software Ltd -> Piriform Software Ltd)
      Task: {F7FCF7FA-74F2-411F-8A96-9437A2BF2D08} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-07-09] (Adobe Inc. -> Adobe)
      Task: {F9E98384-03E9-485F-918C-C32A9B7AC0C0} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [899056 2019-05-22] (NVIDIA Corporation -> NVIDIA Corporation)

      (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

      Task: C:\WINDOWS\Tasks\update-S-1-5-21-2750190111-669293689-376763079-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
      Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

      ==================== Internet (Whitelisted) ====================

      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

      Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
      Tcpip\..\Interfaces\{1880aad0-68fd-4493-8294-9516ebbb214c}: [DhcpNameServer] 10.0.0.1
      Tcpip\..\Interfaces\{77be57ea-6ea6-4e1a-8881-156e39895989}: [DhcpNameServer] 10.0.0.1

      Internet Explorer:
      ==================
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wsg_cigdxjtnqwo_19_25_ssg00&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyB0AyBzytCzytDzytB0B0CtDyE0E0EzztN0D0Tzu0StByBtByDtN1L2XzuyEtFyDtAtFtDtFyDyDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StCyD0DtDyC0B0C0EtGtCzytCtAtG0EyB0CzztGtCyDzyyDtGtA0Ezz0AtBzzyB0D0AtB0ByE2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz1OyC1TyDyDtB1OtGyC1RtB1OtGyE1S1TzztG1S1T1T1RtGyDtC1S1TzyyDyBtB1T1TzytD2QtN0A0LzuyEtN1B2Z1V1T1S1NzutBtBtAzzyDtN1Q2Z1B1P1RzutCyDyCtDzytDyBtDyBtC%26cr%3D1545513913%26a%3Dwsg_cigdxjtnqwo_19_25_ssg00%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
      SearchScopes: HKU\S-1-5-21-2750190111-669293689-376763079-1001 -> DefaultScope {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
      SearchScopes: HKU\S-1-5-21-2750190111-669293689-376763079-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07112019155048775 -> DefaultScope {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
      BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_211\bin\ssv.dll [2019-05-29] (Oracle America, Inc. -> Oracle Corporation)
      BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_211\bin\jp2ssv.dll [2019-05-29] (Oracle America, Inc. -> Oracle Corporation)
      Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL [2000-04-19] (Microsoft Corporation) [File not signed]

      FireFox:
      ========
      FF Plugin: @java.com/DTPlugin,version=11.211.2 -> C:\Program Files\Java\jre1.8.0_211\bin\dtplugin\npDeployJava1.dll [2019-05-29] (Oracle America, Inc. -> Oracle Corporation)
      FF Plugin: @java.com/JavaPlugin,version=11.211.2 -> C:\Program Files\Java\jre1.8.0_211\bin\plugin2\npjp2.dll [2019-05-29] (Oracle America, Inc. -> Oracle Corporation)
      FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
      FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
      FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-05-02] (Adobe Inc. -> Adobe Systems Inc.)
      FF Plugin-x32: BYOND -> C:\Program Files (x86)\BYOND\bin\npbyond.dll [2008-07-08] (BYOND) [File not signed]

      Chrome:
      =======
      CHR Profile: C:\Users\pilto\AppData\Local\Google\Chrome\User Data\Default [2019-07-11]
      CHR Extension: (Slides) - C:\Users\pilto\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-11-03]
      CHR Extension: (Docs) - C:\Users\pilto\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-03]
      CHR Extension: (Google Drive) - C:\Users\pilto\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-16]
      CHR Extension: (YouTube) - C:\Users\pilto\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-10-11]
      CHR Extension: (uBlock Origin) - C:\Users\pilto\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2019-06-21]
      CHR Extension: (Share on Rabbit) - C:\Users\pilto\AppData\Local\Google\Chrome\User Data\Default\Extensions\dplabnbcafdgpcjmibgkekpaejlfhnkl [2019-01-15]
      CHR Extension: (Adobe Acrobat) - C:\Users\pilto\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-06-10]
      CHR Extension: (Sheets) - C:\Users\pilto\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-03]
      CHR Extension: (Google Docs Offline) - C:\Users\pilto\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-15]
      CHR Extension: (GeForce Experience Stream Client) - C:\Users\pilto\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjljknijpnfibppaijefibndmiabonep [2019-01-17]
      CHR Extension: (Chrome Web Store Payments) - C:\Users\pilto\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
      CHR Extension: (Gmail) - C:\Users\pilto\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-24]
      CHR Extension: (Chrome Media Router) - C:\Users\pilto\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-06-24]
      CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

      ==================== Services (Whitelisted) ====================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      R2 AMD External Events Utility; C:\WINDOWS\system32\atiesrxx.exe [238080 2015-01-13] (Microsoft Windows Hardware Compatibility Publisher -> AMD)
      S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8348064 2019-01-07] (BattlEye Innovations e.K. -> )
      R2 CorsairService; C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.exe [50728 2019-05-08] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
      S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [781440 2018-12-09] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
      S3 EvoSvc; C:\Program Files\Echobit\Evolve\EvoSvc.exe [1583488 2017-11-14] (Echobit, LLC -> Echobit LLC)
      R2 GoogleIMEJaCacheService; C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaCacheService.exe [994256 2018-05-22] (Google Inc -> Google Inc.)
      S2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [3361736 2019-04-02] (LogMeIn, Inc. -> LogMeIn Inc.)
      R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-05-27] (LogMeIn, Inc. -> LogMeIn, Inc.)
      R3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
      R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [782136 2019-02-27] (NVIDIA Corporation -> NVIDIA Corporation)
      S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [782136 2019-02-27] (NVIDIA Corporation -> NVIDIA Corporation)
      S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2329392 2019-06-11] (Electronic Arts, Inc. -> Electronic Arts)
      S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3203888 2019-06-11] (Electronic Arts, Inc. -> Electronic Arts)
      R2 Parsec; C:\Program Files\Parsec\pservice.exe [190536 2018-07-27] (Parsec Cloud, Inc. -> Parsec)
      R2 RealtekWlanU; C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RtlService.exe [48856 2014-10-09] (Realtek Semiconductor Corp -> Realtek)
      S2 RTLDHCPService; C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RTLDHCP.exe [262360 2014-10-09] (Realtek Semiconductor Corp -> Realtek)
      R2 RunSwUSB; C:\Windows\runSW.exe [44760 2018-11-01] (Realtek Semiconductor Corp -> )
      R2 VIAKaraokeService; C:\WINDOWS\system32\viakaraokesrv.exe [36504 2015-06-22] (VIA Technologies Inc. -> VIA Technologies, Inc.)
      R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1906.3-0\NisSrv.exe [2455544 2019-07-08] (Microsoft Windows Publisher -> Microsoft Corporation)
      R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1906.3-0\MsMpEng.exe [110104 2019-07-08] (Microsoft Windows Publisher -> Microsoft Corporation)
      R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
      R2 NvTelemetryContainer; "C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvTelemetry\plugins" -r

      ===================== Drivers (Whitelisted) ======================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      S3 1394ohci; C:\WINDOWS\System32\drivers\1394ohci.sys [237568 2018-04-11] (Microsoft Corporation)
      S3 amdkmdag; C:\WINDOWS\system32\DRIVERS\atikmdag.sys [11922944 2015-01-13] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
      S3 amdkmdap; C:\WINDOWS\system32\DRIVERS\atikmpag.sys [359936 2015-01-13] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
      R3 CorsairGamingAudioService; C:\WINDOWS\system32\DRIVERS\CorsairGamingAudioamd64.sys [96144 2019-04-24] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.)
      R3 CorsairVBusDriver; C:\WINDOWS\System32\drivers\CorsairVBusDriver.sys [45968 2019-04-18] (Microsoft Windows Hardware Compatibility Publisher -> Corsair)
      R3 CorsairVHidDriver; C:\WINDOWS\System32\drivers\CorsairVHidDriver.sys [21904 2019-04-18] (Microsoft Windows Hardware Compatibility Publisher -> Corsair)
      R3 cpuz148; C:\WINDOWS\temp\cpuz148\cpuz148_x64.sys [44648 2019-07-09] (CPUID S.A.R.L.U. -> CPUID)
      R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation -> Malwarebytes)
      S3 EvolveVirtualAdapter; C:\WINDOWS\System32\drivers\evolve.sys [21656 2017-11-14] (Echobit, LLC -> Echobit, LLC)
      R3 Hamachi; C:\WINDOWS\System32\drivers\Hamdrv.sys [45680 2017-06-29] (Microsoft Windows Hardware Compatibility Publisher -> LogMeIn Inc.)
      R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [199768 2019-07-10] (Malwarebytes Corporation -> Malwarebytes)
      S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-06-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
      R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [224408 2019-07-10] (Malwarebytes Corporation -> Malwarebytes)
      R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73584 2019-07-10] (Malwarebytes Corporation -> Malwarebytes)
      R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [275232 2019-07-10] (Malwarebytes Corporation -> Malwarebytes)
      R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [116112 2019-07-10] (Malwarebytes Corporation -> Malwarebytes)
      R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_b49751b9038af669\nvlddmkm.sys [21836032 2019-05-23] (NVIDIA Corporation -> NVIDIA Corporation)
      S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2019-05-10] (NVIDIA Corporation -> NVIDIA Corporation)
      R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [69840 2019-04-17] (NVIDIA Corporation -> NVIDIA Corporation)
      R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [75600 2019-04-16] (NVIDIA Corporation -> NVIDIA Corporation)
      R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2018-04-11] (Microsoft Windows -> Realtek )
      R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [14024 2017-08-27] (MICRO-STAR INTERNATIONAL CO., LTD. -> )
      R3 RtlWlanu; C:\WINDOWS\System32\drivers\rtwlanu.sys [9860816 2019-05-30] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation )
      S3 RtlWlanu_OldIC; C:\WINDOWS\System32\drivers\rtwlanu_oldIC.sys [3814400 2018-04-11] (Microsoft Windows -> Realtek Semiconductor Corporation )
      S3 RvNetMP60; C:\WINDOWS\System32\drivers\RvNetMP60.sys [69048 2019-05-13] (Famatech Corp. -> Famatech Corp.)
      R3 t_mouse.sys; C:\WINDOWS\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] (Microsoft Windows Hardware Compatibility Publisher -> )
      R3 VIAHdAudAddService; C:\WINDOWS\system32\drivers\viahduaa.sys [701136 2015-06-22] (VIA Technologies Inc. -> VIA Technologies, Inc.)
      R3 ViGEmBus; C:\WINDOWS\System32\drivers\ViGEmBus.sys [53128 2018-01-19] (Microsoft Windows Hardware Compatibility Publisher -> Benjamin Höglinger-Stelzer)
      S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [47704 2019-07-08] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
      R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [367032 2019-07-08] (Microsoft Windows -> Microsoft Corporation)
      R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54200 2019-07-08] (Microsoft Windows -> Microsoft Corporation)
      S3 xhunter1; C:\WINDOWS\xhunter1.sys [47096 2018-02-04] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
      S3 zttap300; C:\WINDOWS\System32\drivers\zttap300.sys [30488 2018-03-16] (ZeroTier Networks LLC -> ZeroTier Networks LLC)

      ==================== NetSvcs (Whitelisted) ===================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ==================== One month (created) ========

      (If an entry is included in the fixlist, the file/folder will be moved.)

      2019-07-11 15:57 - 2019-07-11 15:58 - 000000000 ____D C:\FRST
      2019-07-10 00:54 - 2019-07-10 00:54 - 000275232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
      2019-07-10 00:54 - 2019-07-10 00:54 - 000224408 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
      2019-07-10 00:54 - 2019-07-10 00:54 - 000199768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
      2019-07-10 00:54 - 2019-07-10 00:54 - 000116112 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
      2019-07-10 00:54 - 2019-07-10 00:54 - 000073584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
      2019-07-10 00:53 - 2019-07-10 00:53 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
      2019-07-10 00:53 - 2019-07-10 00:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
      2019-07-10 00:53 - 2019-06-26 13:00 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
      2019-07-10 00:53 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
      2019-07-10 00:52 - 2019-07-10 00:52 - 064488416 _____ (Malwarebytes ) C:\Users\pilto\Downloads\mb3-setup-consumer-3.8.3.2965-1.0.613-1.0.11466.exe
      2019-07-01 00:54 - 2019-07-01 00:54 - 000159543 _____ C:\Users\pilto\Downloads\LuteBot 1.2.zip
      2019-06-30 17:33 - 2019-07-01 01:02 - 000000000 ____D C:\Users\pilto\Downloads\Midi
      2019-06-30 17:30 - 2019-05-26 17:52 - 000002816 _____ C:\Users\pilto\Downloads\Lutebot Songlist.txt
      2019-06-30 17:30 - 2019-05-24 20:37 - 000001793 _____ C:\Users\pilto\Downloads\NOTICE ABOUT SERVER SPEED.txt
      2019-06-30 17:29 - 2019-06-30 17:29 - 005915774 _____ C:\Users\pilto\Downloads\Fohshizle Bard pack Vol II.rar
      2019-06-30 17:22 - 2019-06-30 17:22 - 000369244 _____ C:\Users\pilto\Downloads\Lutebot 2.0 Final.zip
      2019-06-29 22:24 - 2019-06-29 22:24 - 000000000 ____D C:\Users\pilto\AppData\Local\CrashReportClient
      2019-06-29 12:43 - 2019-06-29 12:43 - 000000000 ____D C:\Users\pilto\AppData\Local\N_A
      2019-06-29 12:41 - 2019-06-29 12:41 - 010747392 _____ (N/A) C:\Users\pilto\Downloads\MordhauFrankenstein.exe
      2019-06-28 16:48 - 2019-06-28 16:48 - 000000000 ____D C:\Users\pilto\AppData\Local\Utale backup
      2019-06-28 16:45 - 2019-06-28 16:46 - 000000096 _____ C:\Users\pilto\Downloads\undertale.ini
      2019-06-27 09:27 - 2019-06-27 09:27 - 000027028 _____ C:\Users\pilto\OneDrive\Documents\cc_20190627_092730.reg
      2019-06-24 18:31 - 2019-06-24 18:31 - 000000000 ____D C:\Users\pilto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SURVEY_PROGRAM
      2019-06-24 18:31 - 2019-06-24 18:31 - 000000000 ____D C:\Program Files (x86)\SURVEY_PROGRAM
      2019-06-18 18:19 - 2019-06-18 18:19 - 000284108 _____ C:\Users\pilto\Downloads\UNDERTALE.CT
      2019-06-18 18:19 - 2019-06-18 18:19 - 000000000 ____D C:\WINDOWS\System32\Tasks\{7068EF27-1543-9138-B212-1497762E4AB2}
      2019-06-18 18:18 - 2019-06-18 18:19 - 000000000 ____D C:\ProgramData\{16622A5E-3E4A-5226-6612-7A0E8EFAA2D6}
      2019-06-18 18:17 - 2019-06-18 18:41 - 000000000 ____D C:\Program Files (x86)\Segurazo
      2019-06-18 18:17 - 2019-06-18 18:24 - 000000000 ____D C:\ProgramData\xaxmf
      2019-06-18 18:17 - 2019-06-18 18:17 - 000000000 ____D C:\Users\pilto\OneDrive\Documents\My Cheat Tables
      2019-06-18 18:17 - 2019-06-18 18:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Segurazo
      2019-06-18 15:44 - 2019-06-18 15:44 - 000000000 ____D C:\Program Files\UNP
      2019-06-17 23:52 - 2019-06-17 23:52 - 000000000 ____D C:\Users\pilto\AppData\Local\FromSoftware
      2019-06-14 22:30 - 2019-06-14 22:30 - 080997222 _____ () C:\Users\pilto\Downloads\SURVEY_PROGRAM_WINDOWS_ENGLISH.exe
      2019-06-12 11:36 - 2019-06-07 04:04 - 021388752 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
      2019-06-12 11:36 - 2019-06-07 04:04 - 001633136 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
      2019-06-12 11:36
- 2019-06-07 03:48 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll 2019-06-12 11:36 - 2019-06-07 03:47 - 000059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll 2019-06-12 11:36 - 2019-06-07 03:45 - 012756480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2019-06-12 11:36 - 2019-06-07 03:42 - 003613696 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2019-06-12 11:36 - 2019-06-07 03:41 - 004055552 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll 2019-06-12 11:36 - 2019-06-07 03:40 - 001663488 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll 2019-06-12 11:36 - 2019-06-07 03:40 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll 2019-06-12 11:36 - 2019-06-07 03:23 - 001453920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll 2019-06-12 11:36 - 2019-06-07 03:19 - 020383832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2019-06-12 11:36 - 2019-06-07 03:10 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll 2019-06-12 11:36 - 2019-06-07 03:07 - 011942400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2019-06-12 11:36 - 2019-06-07 03:04 - 004056064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll 2019-06-12 11:36 - 2019-06-07 03:04 - 002881536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys 2019-06-12 11:36 - 2019-06-07 03:04 - 001471488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll 2019-06-12 11:36 - 2019-06-06 23:07 - 000707384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys 2019-06-12 11:36 - 2019-06-06 23:01 - 001035040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe 2019-06-12 11:36 - 2019-06-06 22:58 - 001220112 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe 2019-06-12 11:36 - 2019-06-06 22:58 - 001027384 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe 
2019-06-12 11:36 - 2019-06-06 22:58 - 000568320 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe 2019-06-12 11:36 - 2019-06-06 22:58 - 000422416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmicmiplugin.dll 2019-06-12 11:36 - 2019-06-06 22:58 - 000135176 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll 2019-06-12 11:36 - 2019-06-06 22:58 - 000076304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys 2019-06-12 11:36 - 2019-06-06 22:57 - 007519896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll 2019-06-12 11:36 - 2019-06-06 22:57 - 007436536 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll 2019-06-12 11:36 - 2019-06-06 22:57 - 002811192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys 2019-06-12 11:36 - 2019-06-06 22:57 - 002719032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys 2019-06-12 11:36 - 2019-06-06 22:57 - 001934808 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll 2019-06-12 11:36 - 2019-06-06 22:57 - 001209696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll 2019-06-12 11:36 - 2019-06-06 22:57 - 000792888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys 2019-06-12 11:36 - 2019-06-06 22:57 - 000709728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2019-06-12 11:36 - 2019-06-06 22:57 - 000594024 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe 2019-06-12 11:36 - 2019-06-06 22:57 - 000494304 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll 2019-06-12 11:36 - 2019-06-06 22:57 - 000435000 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll 2019-06-12 11:36 - 2019-06-06 22:57 - 000413720 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll 2019-06-12 11:36 - 2019-06-06 22:57 - 000412984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys 2019-06-12 11:36 - 2019-06-06 
22:57 - 000383504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys 2019-06-12 11:36 - 2019-06-06 22:57 - 000170296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys 2019-06-12 11:36 - 2019-06-06 22:57 - 000148280 _____ (Microsoft Corporation) C:\WINDOWS\system32\userenv.dll 2019-06-12 11:36 - 2019-06-06 22:57 - 000137448 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll 2019-06-12 11:36 - 2019-06-06 22:56 - 009084216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2019-06-12 11:36 - 2019-06-06 22:56 - 000713272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll 2019-06-12 11:36 - 2019-06-06 22:47 - 000380432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll 2019-06-12 11:36 - 2019-06-06 22:47 - 000097272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll 2019-06-12 11:36 - 2019-06-06 22:46 - 006569344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll 2019-06-12 11:36 - 2019-06-06 22:46 - 006043496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll 2019-06-12 11:36 - 2019-06-06 22:46 - 001805656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll 2019-06-12 11:36 - 2019-06-06 22:46 - 001011872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll 2019-06-12 11:36 - 2019-06-06 22:46 - 000581048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll 2019-06-12 11:36 - 2019-06-06 22:46 - 000357072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll 2019-06-12 11:36 - 2019-06-06 22:46 - 000128792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\userenv.dll 2019-06-12 11:36 - 2019-06-06 22:38 - 025857536 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2019-06-12 11:36 - 2019-06-06 22:37 - 022019584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2019-06-12 11:36 - 2019-06-06 22:31 - 019372544 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\mshtml.dll 2019-06-12 11:36 - 2019-06-06 22:27 - 022718976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2019-06-12 11:36 - 2019-06-06 22:24 - 005784064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll 2019-06-12 11:36 - 2019-06-06 22:24 - 003400704 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2019-06-12 11:36 - 2019-06-06 22:24 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll 2019-06-12 11:36 - 2019-06-06 22:23 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll 2019-06-12 11:36 - 2019-06-06 22:23 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll 2019-06-12 11:36 - 2019-06-06 22:23 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll 2019-06-12 11:36 - 2019-06-06 22:22 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll 2019-06-12 11:36 - 2019-06-06 22:22 - 003710976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2019-06-12 11:36 - 2019-06-06 22:22 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll 2019-06-12 11:36 - 2019-06-06 22:22 - 000233984 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll 2019-06-12 11:36 - 2019-06-06 22:22 - 000216064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdigest.dll 2019-06-12 11:36 - 2019-06-06 22:21 - 007588864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll 2019-06-12 11:36 - 2019-06-06 22:21 - 004866048 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2019-06-12 11:36 - 2019-06-06 22:21 - 001778688 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll 2019-06-12 11:36 - 2019-06-06 22:21 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll 2019-06-12 11:36 - 2019-06-06 22:21 - 000473600 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll 2019-06-12 11:36 - 2019-06-06 22:21 - 
000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll 2019-06-12 11:36 - 2019-06-06 22:20 - 002610688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll 2019-06-12 11:36 - 2019-06-06 22:20 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll 2019-06-12 11:36 - 2019-06-06 22:20 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll 2019-06-12 11:36 - 2019-06-06 22:20 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll 2019-06-12 11:36 - 2019-06-06 22:19 - 003212288 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll 2019-06-12 11:36 - 2019-06-06 22:19 - 002175488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll 2019-06-12 11:36 - 2019-06-06 22:19 - 001560576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll 2019-06-12 11:36 - 2019-06-06 22:19 - 001549824 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2019-06-12 11:36 - 2019-06-06 22:19 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll 2019-06-12 11:36 - 2019-06-06 22:19 - 000369664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskcomp.dll 2019-06-12 11:36 - 2019-06-06 22:18 - 002166784 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2019-06-12 11:36 - 2019-06-06 22:18 - 000686592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll 2019-06-12 11:36 - 2019-06-06 22:18 - 000531968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2019-06-12 11:36 - 2019-06-06 22:17 - 001920000 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll 2019-06-12 11:36 - 2019-06-06 22:17 - 000961024 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll 2019-06-12 11:36 - 2019-06-06 22:17 - 000889344 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll 2019-06-12 11:36 - 2019-06-06 22:16 - 000900096 _____ (Microsoft 
Corporation) C:\WINDOWS\system32\kerberos.dll 2019-06-12 11:36 - 2019-06-06 22:16 - 000544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2019-06-12 11:36 - 2019-06-06 22:16 - 000478720 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskcomp.dll 2019-06-12 11:36 - 2019-06-06 21:00 - 000001308 _____ C:\WINDOWS\system32\tcbres.wim 2019-06-12 11:36 - 2019-05-18 15:12 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll 2019-06-12 11:36 - 2019-05-18 15:12 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll 2019-06-12 11:36 - 2019-05-18 15:12 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll 2019-06-12 11:36 - 2019-05-18 15:12 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll 2019-06-12 11:36 - 2019-05-17 05:44 - 000348160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe 2019-06-12 11:36 - 2019-05-17 05:40 - 002394960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVCORE.DLL 2019-06-12 11:36 - 2019-05-17 05:40 - 000280888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys 2019-06-12 11:36 - 2019-05-17 05:27 - 006586880 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2019-06-12 11:36 - 2019-05-17 05:26 - 004393984 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll 2019-06-12 11:36 - 2019-05-17 05:25 - 004718080 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll 2019-06-12 11:36 - 2019-05-17 05:25 - 004491264 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe 2019-06-12 11:36 - 2019-05-17 05:25 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsUpdateElevatedInstaller.exe 2019-06-12 11:36 - 2019-05-17 05:24 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll 2019-06-12 11:36 - 2019-05-17 05:23 - 000110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\AxInstSv.dll 2019-06-12 11:36 - 2019-05-17 05:22 
- 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2019-06-12 11:36 - 2019-05-17 05:22 - 000182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\LanguageComponentsInstaller.dll 2019-06-12 11:36 - 2019-05-17 05:21 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll 2019-06-12 11:36 - 2019-05-17 05:21 - 001121792 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll 2019-06-12 11:36 - 2019-05-17 05:21 - 000878592 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll 2019-06-12 11:36 - 2019-05-17 05:21 - 000274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3gpui.dll 2019-06-12 11:36 - 2019-05-17 05:21 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2019-06-12 11:36 - 2019-05-17 05:20 - 002084864 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2019-06-12 11:36 - 2019-05-17 05:19 - 000757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2019-06-12 11:36 - 2019-05-17 05:07 - 002206424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVCORE.DLL 2019-06-12 11:36 - 2019-05-17 05:00 - 005658112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll 2019-06-12 11:36 - 2019-05-17 04:58 - 003397632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe 2019-06-12 11:36 - 2019-05-17 04:56 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2019-06-12 11:36 - 2019-05-17 04:56 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dot3gpui.dll 2019-06-12 11:36 - 2019-05-17 04:55 - 000704000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll 2019-06-12 11:36 - 2019-05-17 04:55 - 000668160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2019-06-12 11:36 - 2019-05-17 04:55 - 000470528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcSpecfc.dll 2019-06-12 11:36 - 2019-05-17 04:54 - 002016768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2019-06-12 11:36 - 
2019-05-17 04:54 - 000908288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll 2019-06-12 11:36 - 2019-05-17 02:33 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll 2019-06-12 11:36 - 2019-05-17 01:52 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll 2019-06-12 11:36 - 2019-05-17 00:07 - 000105272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys 2019-06-12 11:36 - 2019-05-16 23:44 - 000829960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe 2019-06-12 11:36 - 2019-05-16 23:44 - 000550520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll 2019-06-12 11:36 - 2019-05-16 23:43 - 000297688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtapi.dll 2019-06-12 11:36 - 2019-05-16 23:42 - 005625160 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll 2019-06-12 11:36 - 2019-05-16 23:42 - 004789944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll 2019-06-12 11:36 - 2019-05-16 23:42 - 002256560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2019-06-12 11:36 - 2019-05-16 23:42 - 001989552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll 2019-06-12 11:36 - 2019-05-16 23:42 - 001980256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll 2019-06-12 11:36 - 2019-05-16 23:42 - 001620264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll 2019-06-12 11:36 - 2019-05-16 23:42 - 001380096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll 2019-06-12 11:36 - 2019-05-16 23:42 - 001130568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll 2019-06-12 11:36 - 2019-05-16 23:42 - 000129088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll 2019-06-12 11:36 - 2019-05-16 23:42 - 000125504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KerbClientShared.dll 2019-06-12 11:36 - 2019-05-16 23:30 - 013878784 _____ (Microsoft 
Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll 2019-06-12 11:36 - 2019-05-16 23:26 - 002969600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll 2019-06-12 11:36 - 2019-05-16 23:23 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dtdump.exe 2019-06-12 11:36 - 2019-05-16 23:23 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll 2019-06-12 11:36 - 2019-05-16 23:23 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll 2019-06-12 11:36 - 2019-05-16 23:22 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallServiceTasks.dll 2019-06-12 11:36 - 2019-05-16 23:22 - 000031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll 2019-06-12 11:36 - 2019-05-16 23:21 - 000333824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll 2019-06-12 11:36 - 2019-05-16 23:21 - 000326144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esentutl.exe 2019-06-12 11:36 - 2019-05-16 23:21 - 000224768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll 2019-06-12 11:36 - 2019-05-16 23:20 - 000366080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll 2019-06-12 11:36 - 2019-05-16 23:20 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll 2019-06-12 11:36 - 2019-05-16 23:19 - 004515840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2019-06-12 11:36 - 2019-05-16 23:19 - 001630720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2019-06-12 11:36 - 2019-05-16 23:19 - 001110528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll 2019-06-12 11:36 - 2019-05-16 23:19 - 001073664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll 2019-06-12 11:36 - 2019-05-16 23:19 - 000873472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll 2019-06-12 11:36 - 2019-05-16 23:19 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll 2019-06-12 11:36 - 2019-05-16 23:18 - 
002796032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll 2019-06-12 11:36 - 2019-05-16 23:18 - 001006592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll 2019-06-12 11:36 - 2019-05-16 23:18 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll 2019-06-12 11:36 - 2019-05-16 23:08 - 001063224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi 2019-06-12 11:36 - 2019-05-16 23:08 - 000723432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll 2019-06-12 11:36 - 2019-05-16 23:08 - 000491200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll 2019-06-12 11:36 - 2019-05-16 23:08 - 000401328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtapi.dll 2019-06-12 11:36 - 2019-05-16 23:07 - 004404720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll 2019-06-12 11:36 - 2019-05-16 23:07 - 002768960 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2019-06-12 11:36 - 2019-05-16 23:07 - 002571640 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll 2019-06-12 11:36 - 2019-05-16 23:07 - 002467320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll 2019-06-12 11:36 - 2019-05-16 23:07 - 001459120 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2019-06-12 11:36 - 2019-05-16 23:07 - 001288712 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll 2019-06-12 11:36 - 2019-05-16 23:07 - 001260272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe 2019-06-12 11:36 - 2019-05-16 23:07 - 000930616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe 2019-06-12 11:36 - 2019-05-16 23:07 - 000275768 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll 2019-06-12 11:36 - 2019-05-16 23:07 - 000260800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll 2019-06-12 11:36 - 2019-05-16 23:06 - 001943136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2019-06-12 11:36 - 2019-05-16 23:06 - 001784696 _____ 
(Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll 2019-06-12 11:36 - 2019-05-16 23:06 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll 2019-06-12 11:36 - 2019-05-16 23:06 - 001140992 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi 2019-06-12 11:36 - 2019-05-16 23:06 - 001098056 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll 2019-06-12 11:36 - 2019-05-16 23:06 - 000983424 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe 2019-06-12 11:36 - 2019-05-16 23:06 - 000151888 _____ (Microsoft Corporation) C:\WINDOWS\system32\KerbClientShared.dll 2019-06-12 11:36 - 2019-05-16 23:04 - 001826816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll 2019-06-12 11:36 - 2019-05-16 23:00 - 001295360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll 2019-06-12 11:36 - 2019-05-16 22:44 - 016597504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll 2019-06-12 11:36 - 2019-05-16 22:38 - 004709376 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll 2019-06-12 11:36 - 2019-05-16 22:37 - 004385280 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll 2019-06-12 11:36 - 2019-05-16 22:37 - 000185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallServiceTasks.dll 2019-06-12 11:36 - 2019-05-16 22:37 - 000108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DuCsps.dll 2019-06-12 11:36 - 2019-05-16 22:36 - 000228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys 2019-06-12 11:36 - 2019-05-16 22:36 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatecsp.dll 2019-06-12 11:36 - 2019-05-16 22:36 - 000096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll 2019-06-12 11:36 - 2019-05-16 22:36 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll 2019-06-12 11:36 - 2019-05-16 22:36 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\UsoClient.exe 2019-06-12 11:36 
- 2019-05-16 22:36 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll 2019-06-12 11:36 - 2019-05-16 22:36 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll 2019-06-12 11:36 - 2019-05-16 22:35 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe 2019-06-12 11:36 - 2019-05-16 22:35 - 000362496 _____ (Microsoft Corporation) C:\WINDOWS\system32\esentutl.exe 2019-06-12 11:36 - 2019-05-16 22:35 - 000322560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe 2019-06-12 11:36 - 2019-05-16 22:34 - 001804288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll 2019-06-12 11:36 - 2019-05-16 22:34 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll 2019-06-12 11:36 - 2019-05-16 22:34 - 000671744 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll 2019-06-12 11:36 - 2019-05-16 22:34 - 000275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe 2019-06-12 11:36 - 2019-05-16 22:34 - 000270336 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll 2019-06-12 11:36 - 2019-05-16 22:34 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll 2019-06-12 11:36 - 2019-05-16 22:34 - 000141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll 2019-06-12 11:36 - 2019-05-16 22:34 - 000047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscore.dll 2019-06-12 11:36 - 2019-05-16 22:33 - 003091456 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll 2019-06-12 11:36 - 2019-05-16 22:33 - 002912256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2019-06-12 11:36 - 2019-05-16 22:33 - 002370560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll 2019-06-12 11:36 - 2019-05-16 22:33 - 001487360 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll 2019-06-12 11:36 - 2019-05-16 22:33 - 001214464 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\rdpcore.dll 2019-06-12 11:36 - 2019-05-16 22:33 - 000787968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys 2019-06-12 11:36 - 2019-05-16 22:33 - 000270336 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll 2019-06-12 11:36 - 2019-05-16 22:32 - 001070080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll 2019-06-12 11:36 - 2019-05-16 22:32 - 000815104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll 2019-06-12 11:36 - 2019-05-16 22:31 - 004937216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2019-06-12 11:36 - 2019-05-16 22:31 - 003376640 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll 2019-06-12 11:36 - 2019-05-16 22:31 - 003293184 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll 2019-06-12 11:36 - 2019-05-16 22:31 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll 2019-06-12 11:36 - 2019-05-16 22:31 - 001805312 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2019-06-12 11:36 - 2019-05-16 22:31 - 001383424 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll 2019-06-12 11:36 - 2019-05-16 22:31 - 001215488 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll 2019-06-12 11:36 - 2019-05-16 22:31 - 001211904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll 2019-06-12 11:36 - 2019-05-16 22:31 - 001027584 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll 2019-06-12 11:36 - 2019-05-16 22:31 - 000620032 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll 2019-06-12 11:36 - 2019-05-16 22:31 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll 2019-06-12 11:36 - 2019-05-16 22:30 - 000917504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2019-06-12 11:36 - 2019-05-16 22:30 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll 2019-06-12 11:36 - 2019-05-16 22:30 - 
000276992 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll 2019-06-11 23:11 - 2019-06-11 23:11 - 000000000 ____D C:\Users\pilto\AppData\Local\VA_11_Hall_A ==================== One month (modified) ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2019-07-11 16:05 - 2018-05-23 05:03 - 000004160 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B699DAB3-0645-4D7D-83C8-E36DEE53BD85} 2019-07-11 16:05 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\AppReadiness 2019-07-11 16:04 - 2018-04-11 16:30 - 000000000 ____D C:\WINDOWS\CbsTemp 2019-07-11 16:03 - 2018-04-11 16:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2019-07-11 15:52 - 2017-10-10 23:55 - 000000000 ____D C:\ProgramData\NVIDIA 2019-07-11 15:49 - 2018-05-23 04:33 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2019-07-10 23:19 - 2017-10-11 02:03 - 000000000 ____D C:\Program Files (x86)\Steam 2019-07-10 16:08 - 2018-04-11 16:38 - 000000000 ___HD C:\Program Files\WindowsApps 2019-07-10 15:28 - 2018-08-29 12:47 - 000000000 ____D C:\Users\pilto\Downloads\LuteBot 1.2 2019-07-10 13:51 - 2019-05-23 16:19 - 000000000 ____D C:\Program Files (x86)\MSI Afterburner 2019-07-10 00:53 - 2018-10-30 15:10 - 000000000 ____D C:\ProgramData\Malwarebytes 2019-07-10 00:53 - 2018-04-11 16:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP 2019-07-10 00:35 - 2018-01-14 06:43 - 000000000 ____D C:\Users\pilto\AppData\Local\Packages 2019-07-10 00:22 - 2017-10-11 12:34 - 000000000 ____D C:\Users\pilto\AppData\Local\CrashDumps 2019-07-10 00:01 - 2018-05-23 05:03 - 000003492 _____ C:\WINDOWS\System32\Tasks\Launcher GIGABYTE XTREME GAMING ENGINE 2019-07-09 23:49 - 2017-11-14 17:26 - 000000000 ____D C:\Users\pilto\AppData\Local\LogMeIn Hamachi 2019-07-09 23:39 - 2018-05-23 05:03 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2019-07-09 23:24 - 2017-10-11 02:24 - 000000000 ____D C:\WINDOWS\system32\MRT 2019-07-09 23:19 - 2017-10-11 02:24 - 136618864 ____C (Microsoft Corporation) 
C:\WINDOWS\system32\MRT.exe 2019-07-09 22:55 - 2017-10-11 02:27 - 000741432 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe 2019-07-09 18:26 - 2018-05-23 05:03 - 000004606 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier 2019-07-09 18:26 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed 2019-07-09 18:26 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\system32\Macromed 2019-07-08 21:33 - 2018-02-26 01:50 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd 2019-07-08 15:32 - 2018-05-24 18:48 - 000000000 ____D C:\Users\pilto\AppData\Local\D3DSCache 2019-07-06 22:17 - 2018-04-11 14:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI 2019-07-06 12:37 - 2017-10-22 22:25 - 000000000 ____D C:\Users\pilto\OneDrive\Documents\BYOND 2019-07-06 00:24 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports 2019-07-06 00:24 - 2018-04-11 16:36 - 000000000 ____D C:\WINDOWS\INF 2019-07-04 15:47 - 2018-05-23 04:53 - 000838560 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2019-07-04 15:29 - 2018-05-23 04:40 - 000000000 ____D C:\Users\pilto 2019-07-04 15:28 - 2019-05-29 16:52 - 000003148 _____ C:\WINDOWS\System32\Tasks\MSIAfterburner 2019-07-04 15:05 - 2019-02-12 19:23 - 000000000 ____D C:\Program Files (x86)\Origin 2019-07-04 01:24 - 2017-10-11 01:45 - 000000000 ____D C:\Users\pilto\AppData\Roaming\discord 2019-07-03 15:33 - 2018-05-23 05:03 - 000003382 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2750190111-669293689-376763079-1001 2019-07-03 15:33 - 2018-05-23 04:40 - 000002363 _____ C:\Users\pilto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2019-07-03 15:33 - 2017-10-11 00:12 - 000000000 ___RD C:\Users\pilto\OneDrive 2019-07-02 17:27 - 2017-10-11 00:11 - 000000000 ____D C:\Users\pilto\AppData\Local\Comms 2019-07-01 00:49 - 2019-05-26 05:29 - 000000000 ____D C:\Users\pilto\Downloads\Lutebot 2.0 Final 2019-06-28 20:19 - 2018-06-16 21:44 - 000000000 ____D C:\ProgramData\Packages 
2019-06-28 18:26 - 2019-06-06 16:14 - 000000000 ____D C:\Users\pilto\AppData\Local\UNDERTALE 2019-06-27 22:30 - 2018-04-01 13:20 - 000000000 ____D C:\Users\pilto\OneDrive\Documents\my games 2019-06-27 18:39 - 2019-02-22 23:19 - 000000000 ____D C:\Users\pilto\OneDrive\Documents\SavedGames 2019-06-27 08:54 - 2019-05-29 17:14 - 000004210 _____ C:\WINDOWS\System32\Tasks\CCleaner Update 2019-06-24 19:05 - 2018-10-31 21:13 - 000000000 ____D C:\Users\pilto\AppData\Local\DELTARUNE 2019-06-20 23:27 - 2017-10-11 01:34 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2019-06-20 23:27 - 2017-10-11 01:34 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2019-06-20 18:40 - 2018-01-11 22:15 - 000000000 ____D C:\Program Files\rempl 2019-06-17 23:52 - 2018-04-01 13:20 - 000000000 ____D C:\Users\pilto\OneDrive\Documents\nbgi 2019-06-13 23:13 - 2017-10-11 02:11 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2019-06-13 15:09 - 2017-10-14 21:27 - 000000000 ___RD C:\Users\pilto\3D Objects 2019-06-13 15:09 - 2017-10-11 00:08 - 000000000 __RHD C:\Users\Public\AccountPictures 2019-06-13 15:07 - 2018-05-23 04:33 - 000441160 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2019-06-13 01:16 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\TextInput 2019-06-13 01:16 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\ShellExperiences 2019-06-13 01:16 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\Provisioning 2019-06-13 01:16 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\bcastdvr ==================== Files in the root of some directories ================ 2017-10-11 02:21 - 2017-10-11 02:21 - 000000003 _____ () C:\Users\pilto\AppData\Local\updater.log 2017-10-11 02:21 - 2017-10-11 02:21 - 000000425 _____ () C:\Users\pilto\AppData\Local\UserProducts.xml ==================== SigCheck =============================== (There is no automatic fix for files that do not pass verification.) 
==================== End of FRST.txt ============================ Addition.txt FRST.txt
  13. In addition, after looking at the properties of these files, they have secure access to all systems of my PC, rather than the normal "Admin approval for computer file alteration required" set on.
  14. I have a UDP that refuses to be removed. It installed as Chromium Browser, and Lightning Fast Browser. Malwarebytes was able to catch the chromium browser, then I uninstalled it from the control panel, but Lightning Fast Browser wasn't there. So I uninstalled that through the start menu, and uninstalled Chromium since it was still in there too. Now that I've run a full scan including rootkits in both :D and :C, this new popup keeps coming up. It's that "There is a recommended update for this pc" popup that doesn't have an X to close it. Every time this popup comes up, I open my task manager, and trace it to my Roaming folder, where it manifests as 3 files. It always comes back with a "WB.CFG" file that's filled with encrypted garbage, a randomly named .EXE file, and a file of the same name with no assigned file type. The only way to close it is to end it in the task manager, and deleting these three files doesn't do anything. They always come right back. Even scanning the three files directly with Malwarebytes doesn't pick anything up. I'm at a total loss of what to do. I even deleted the quarantined files that started all this, and it's still happening.